Special Security Alert 4-5-11

reprinted with permission by Heartland Technologies Group

I start each morning with a cup of coffee and a quick email check to weed out the junk mail before I make it to the office. Yesterday morning, however, two pieces of mail caught my eye – one from US BANK and one from CITI Card. They were both titled “Important Email Security Information”. Each email let me know that I was part of the Epsilon Data Breach, which meant that hackers had gained access to information about me by hacking into the Epsilon database (a 3rd Party Marketing Company that serves financial institutions and many other companies -see the list at the bottom of this email). Both companies assured me that only my name and email address could have been compromised. What they did warn me about is being watchful for “suspicious emails” that might come my way.

Here at HTS, we want to pass the same warning along to you. Rest assured, none of your HTS information is part of the Epsilon database. However, we believe that every email user should be even more vigilant in the coming months about email phishing. Take just a moment and read through the points below:

►E-mail is NOT a secure form of communication. Always be guarded about what you send in an email. For example, I never send my credit card number or social security number in an email.

►Phishing attacks will be on the rise. Phishing, as it relates to electronic communication, is a hacker’s attempt to gain personal information related to your email address such as passwords, account numbers, and database-specific usernames. If an email comes to you asking you to click on a link to verify any confidential information, DON’T. As a result of the Epsilon breach, these emails might come from company and financial institution names that you recognize because you do business there already. It would be the first step in getting you to lower your guard. Instead of answering the email, contact customer service at that company instead.

►Pay close attention to email sender’s addresses. If you recognize the domain name but it ends in something other than .com, be suspicious. Most attacks originate outside of the US. Also, look for spelling errors, grammar errors or an email that sounds “urgent”.

►Consider changing your passwords to “strong” passwords that contain a combination of upper and lower case letters, symbols and numbers at least 8 characters in length.

You can never be too careful when it comes to protecting your personal information – this Epsilon attack has made me think twice about the information I so willingly pass across the internet every day.

Take Care,

Jane Cage, COO
Heartland Technology Solutions
 

Companies Known to Date Affected by Epsilon Data Breach  
obtained from databreaches.net

1-800-FLOWERS
AbeBooks
AIR MILES Reward Program (Canada)
Ameriprise
Barclays Bank of Delaware ( Barclay’s L.L. Bean Visa card)
Beachbody
bebe
Best Buy
Best Buy Canada Reward Zone
Benefit Cosmetics (see below)
Brookstone
Capital One
Citi
City Market
College Board
Dillons
Disney Destinations (The Walt Disney Travel Company)
Eddie Bauer Friends (copy forwarded to DataBreaches.net by recipient)
Eileen Fisher (doesn’t name Epsilon but same template letter)
Ethan Allen
Food 4 Less
Fred Meyer
Fry’s
Hilton Honors
Home Shopping Network (HSN)
Jay C
JPMorgan Chase
King Soopers
Kroger
Lacoste (as per TG Daily)
Marriott Rewards
McKinsey Quarterly
MoneyGram (h/t, DataLossDB mail list)
New York & Company
QFC
Ralphs
Red Roof Inn
Ritz-Carlton Rewards
Robert Half International
Smith Brands
Target (via KrebsonSecurity.com and a site reader who’s getting tired of receiving notices this week)
TD Ameritrade
TiVo
US Bank
Visa (Barclays Bank of Delaware/L.L. Bean Visa, BJ’s Visa
Walgreens

Blog - Miscellaneous