Two weeks ago Epsilon, a company that sends out 40+ billion emails a year, said it had suffered a data breach but refused to provide details, saying that it “[could not] release the names of its clients.”
Today it seems clear than more than 100 companies were part of this data breach. Most of those affected seem to be financial accounts, that is store- or service-branded credit cards.
Because of the financial nature of the breach, be aware of what is called “spear-phishing” — bogus emails that appear genuine because you can be targeted. Analytical firm Javelin says that people who have been subject to a data breach are four more times likely to be the victim of identity fraud.
What follows is an alphabetical list of companies that have been named informally.
A few things stood out to me as I researched this list:
- There are a lot of grocery stores/supermarkets on this list.
- There are a lot of financial institutions/credit cards on this list. Three of the nation’s top 10 banks are on this list: JPMorgan Chase, Citi and U.S. Bank.
- There are a lot of retailers with credit cards outsourced to World Financial Network National Bank (WFNNB), the “private-label and co-branded credit card banking subsidiary of Alliance Data Systems… WFNNB oversees about 120 million cardholder accounts and roughly $4 billion in receivables.” Texas-based Alliance Data Systems ($2.8B in sales for 2010) owns Epsilon; now I see the finance connection.
Consolidation happens, even when it’s invisible to all but the regulator.
Unfortunately, there are few laws protecting consumer data. For example, you might think that “opting out” of an email list would mean your data would be deleted. False assumption; instead, there’s a “flag” in the database that says “opted out,” according to Jonathan Zittrain. That means your data are stolen even if you’ve opted out. That’s a big #fail.
Epsilon should be required to go public with how many accounts were stolen for a very simple reason: it’s a public company and there are costs associated with lost data. Shareholders have a right to know.
In a widely followed study released in March, Ponemon calculated the average cost of U.S. breaches at $214 per record in 2010, up from $204 in 2009, reflecting that many include financial data.
Report phishing e-mails to reportphishing@antiphishing.org and spam@uce.gov. Opt-out of Epsilon partner company emails by sending Epsilon an email with specific information or phoning (the best thing to do if you want to pull more than one email address — but remember, it will still be in the database). Time to demand that “out” means “out.”
In part, this list comes from a website set up in response to the Epsilon breach (it is not clear who created this site) as well as BankInfo Security and Krebs On Security. There is also info from DataBreaches.net.
Alphabetical List of Companies Affected By The Epsilon Data Breach:
- 1-800-FLOWERS
- AbeBooks
- Abercrombie & Fitch (WFNNB)
- Air Miles Reward Program (Canada)
- Ameriprise Financial
- Ann Taylor (WFNNB)
- Arizona Mail Order
- AshleyStewart (WFNNB)
- Avenue (WFNNB)
- BJ’s Visa
- Barclays Apple iTunes Visa card
- Barclays Bank of Delaware
- Beachbody
- Bealls (WFNNB)
- bebe
- Benefit Cosmetics
- Best Buy
- Best Buy Canada
- Blair
- Borders
- Brookstone
- Buckle
- Capital One
- Catherine’s (WFNNB)
- Chadwick’s (WFNNB)
- Charter Communications
- Chase
- Citibank
- City Market
- The College Board
- Crate & Barrel (WFNNB)
- Crucial
- David’s Bridal (WFNNB)
- Dell Australia
- Dillons
- Disney Destinations (The Walt Disney Travel Company)
- Domestications (WFNNB)
- Dressbarn (WFNNB)
- Eddie Bauer Friends
- Eileen Fisher
- Ethan Allen
- Eurosport Soccer
- Express Card (WFNNB)
- ExxonMobil (Citi)
- Fashion Bug (WFNNB)
- FINA (WFNNB)
- Food 4 Less
- Fred Meyer
- Fry’s
- Gander Mountain (WFNNB)
- Giant Eagle (WFNNB)
- Goody’s (WFNNB)
- Hilton Honors
- Home Depot (Citi)
- Home Shopping Network (HSN)
- J.Crew (WFNNB)
- J.Jill
- Jay C
- Jessica London (WFNNB)
- JPMorgan Chase
- Justice (WFNNB)
- King Soopers
- Kroger
- Lacoste
- Lane Bryant
- L.L. Bean Visa (Barclay’s)
- M&T Bank
- Marks & Spencer
- Marriott Rewards
- Maurice’s (WFNNB)
- McKinsey & Company
- MoneyGram
- My Points Reward Visa (WFNNB)
- NTB card (Citi)
- New York & Company
- OneStopPlus (WFNNB)
- PacSun (WFNNB)
- Palais Royal (WFNNB)
- Peebles (WFNNB)
- Polo Ralph Lauren
- PotteryBarn (WFNNB)
- QFC
- Quality Health
- RadioShack (WFNNB)
- Ralphs
- Red Roof Inns
- Reeds Jewelers (WFNNB)
- Reward Zone
- Ritz-Carlton Rewards
- Robert Half International (staffing firm)
- Scottrade
- Sears (Citi)
- Shell (Citi)
- Smile Generation Financial
- Smith Brands
- Sportsman’s Guide (WFNNB)
- Stage (WFNNB)
- Stonebridge Life Insurance
- Target
- Tastefully Simple
- TD Ameritrade
- The Limited (WFNNB)
- The Place (Citi)
- TIAA-CREF
- TiVo
- Trek (WFNNB)
- TripAdvisor.com
- US Bank
- United Retail Group (WFNNB)
- Value City Furniture (WFNNB)
- Verizon
- Victoria’s Secret (WFNNB)
- Viking River Cruises
- Visa
- Walgreens
- Woman Within (WFNNB)
- World Financial Network National Bank (WFNNB)