NPR logo Don't Follow That Link!: Marketer Warns Hackers Stole Names, EMail Addresses


Don't Follow That Link!: Marketer Warns Hackers Stole Names, EMail Addresses

A marketing company that counts A-listers like Best Buy, JPMorgan Chase and Capital One as clients announced over the weekend that someone had hacked into its computer systems and stolen the email addresses of an unknown number of its customers.

In its reporting, Reuters says the incident could be "one of the biggest such breaches in U.S. history." Reuters reports that Epsilon sends more than 40 billion solicited email ads annually.

Best Buy sent this note to its customers this morning:

On March 31, we were informed by Epsilon, a company we use to send emails to our customers, that files containing the email addresses of some Best Buy customers were accessed without authorization.

We have been assured by Epsilon that the only information that may have been obtained was your email address and that the accessed files did not include any other information. A rigorous assessment by Epsilon determined that no other information is at risk. We are actively investigating to confirm this.

A computer screen inbox displaying spam. i

A computer screen inbox displaying spam. Mike Clarke/AFP/Getty Images hide caption

toggle caption Mike Clarke/AFP/Getty Images
A computer screen inbox displaying spam.

A computer screen inbox displaying spam.

Mike Clarke/AFP/Getty Images

The note goes on to say that customers should be careful in what links they follow and what email they open. CNN reports that the biggest worry experts have is "targeted phishing," which are spam emails that look legitimate because they contain a piece of personal information or are addressed specifically to a person. CNN provides an example:

Say you had signed up to receive marketing emails from Kroger, which is a major U.S. grocery store chain. If your e-mail address and name were stolen as part of the recent security breach, a scammer, knowing you sometimes get e-mails from Kroger and probably wouldn't be suspicious of them, could design a fake e-mail that looks like it came from Kroger. Such an e-mail might ask you for sensitive information, like a Social Security number or bank account number.

If you divulged that kind of personal data, you could become a victim of identity theft.

Bottom line, says TechCrunch, be extremely careful and check things out throughly before you give out sensitive information.

Tivo, Ritz-Carlton Rewards, Brookstone, Citi, Kroger, Home Shopping Network and The College Board were among the companies affected by the breach. Security Week is keeping a list of all them.



Please keep your community civil. All comments must follow the Community rules and terms of use, and will be moderated prior to posting. NPR reserves the right to use the comments we receive, in whole or in part, and to use the commenter's name and location, in any medium. See also the Terms of Use, Privacy Policy and Community FAQ.