The Epsilon Email Hack
April 5th, 2011
It’s never a good thing to get an email like the following, which in this case came from Hilton Honors — which is connected to my American Express card, and which evidently doesn’t follow AP style:
Dear Customer:
We were notified by our database marketing vendor, Epsilon, that we are among a group of companies affected by a data breach. How will this affect you? The company was advised by Epsilon that the files accessed did not include any customer financial information, and Epsilon has stressed that the only information accessed was names and e-mail addresses. The most likely impact, if any, would be receipt of unwanted e-mails. We are not aware at this time of any unsolicited e-mails (spam) that are related, but as a precaution, we want to remind you of a couple of tips that should always be followed:
• Do not open e-mails from senders you do not know
• Do not share personal information via e-mail
Hilton Worldwide, its brands and loyalty program will never ask you to e-mail personal information such as credit card numbers or social security numbers. You should be cautious of “phishing” e-mails, where the sender tries to trick the recipient into disclosing confidential or personal information. If you receive such a request, it did not come from Hilton Worldwide, its brands or its loyalty program. If you receive this type of request you should not respond to it but rather notify us at fraud_alert@hilton.com.
As always, we greatly value your business and loyalty, and take this matter very seriously. Data privacy is a critical focus for us, and we will continue to work to ensure that all appropriate measures are taken to protect your personal information from unauthorized access.
About two minutes after I created this post, I received the following email from Target:
To our valued guests,
Target’s email service provider, Epsilon, recently informed us that their data system was exposed to unauthorized entry. As a result, your email address may have been accessed by an unauthorized party. Epsilon took immediate action to close the vulnerability and notified law enforcement.
While no personally identifiable information, such as names and credit card information, was involved, we felt it was important to let you know that your email may have been compromised. Target would never ask for personal or financial information through email.
Consider these tips to help protect your personal information online:
• Don’t provide sensitive information through email. Regular email is not a secure method to transmit personal information.
• Don’t provide sensitive information outside of a secure website. Legitimate companies will not attempt to collect personal information outside a secure website. If you are concerned, contact the organization represented in the email.
• Don’t open emails from senders you don’t know.
We sincerely regret that this incident occurred. Target takes information protection very seriously and will continue to work to ensure that all appropriate measures are taken to protect personal information. Please contact Guest.Relations@target.com should you have any additional questions.
We can all expect to be peppered with similar emails from various companies over the next day or two.
PC World reports on what you need to know about all this. And hey — HEY:
Let’s be careful out there.