More Than 100 Companies Affected By Epsilon Data Breach

Two weeks ago Epsilon, a company that sends out 40+ billion emails a year, said it had suffered a data breach but refused to provide details, saying that it “[could not] release the names of its clients.”

Today it seems clear than more than 100 companies were part of this data breach. Most of those affected seem to be financial accounts, that is store- or service-branded credit cards.

Because of the financial nature of the breach, be aware of what is called “spear-phishing” — bogus emails that appear genuine because you can be targeted. Analytical firm Javelin says that people who have been subject to a data breach are four more times likely to be the victim of identity fraud.

What follows is an alphabetical list of companies that have been named informally.

A few things stood out to me as I researched this list:

• There are a lot of grocery stores/supermarkets on this list.
• There are a lot of financial institutions/credit cards on this list. Three of the nation’s top 10 banks are on this list: JPMorgan Chase, Citi and U.S. Bank.
• There are a lot of retailers with credit cards outsourced to World Financial Network National Bank (WFNNB), the “private-label and co-branded credit card banking subsidiary of Alliance Data Systems… WFNNB oversees about 120 million cardholder accounts and roughly $4 billion in receivables.” Texas-based Alliance Data Systems ($2.8B in sales for 2010) owns Epsilon; now I see the finance connection.

Consolidation happens, even when it’s invisible to all but the regulator.

Unfortunately, there are few laws protecting consumer data. For example, you might think that “opting out” of an email list would mean your data would be deleted. False assumption; instead, there’s a “flag” in the database that says “opted out,” according to Jonathan Zittrain. That means your data are stolen even if you’ve opted out. That’s a big #fail.

Epsilon should be required to go public with how many accounts were stolen for a very simple reason: it’s a public company and there are costs associated with lost data. Shareholders have a right to know.

In a widely followed study released in March, Ponemon calculated the average cost of U.S. breaches at $214 per record in 2010, up from $204 in 2009, reflecting that many include financial data.

Report phishing e-mails to reportphishing@antiphishing.org and spam@uce.gov. Opt-out of Epsilon partner company emails by sending Epsilon an email with specific information or phoning (the best thing to do if you want to pull more than one email address — but remember, it will still be in the database). Time to demand that “out” means “out.”

In part, this list comes from a website set up in response to the Epsilon breach (it is not clear who created this site) as well as BankInfo Security and Krebs On Security. There is also info from DataBreaches.net.

Alphabetical List of Companies Affected By The Epsilon Data Breach:

1. 1-800-FLOWERS
2. AbeBooks
3. Abercrombie & Fitch (WFNNB)
4. Air Miles Reward Program (Canada)
5. Ameriprise Financial
6. Ann Taylor (WFNNB)
7. Arizona Mail Order
8. AshleyStewart (WFNNB)
9. Avenue (WFNNB)
10. BJ’s Visa
11. Barclays Apple iTunes Visa card
12. Barclays Bank of Delaware
13. Beachbody
14. Bealls (WFNNB)
15. bebe
16. Benefit Cosmetics
17. Best Buy
18. Best Buy Canada
19. Blair
20. Borders
21. Brookstone
22. Buckle
23. Capital One
24. Catherine’s (WFNNB)
25. Chadwick’s (WFNNB)
26. Charter Communications
27. Chase
28. Citibank
29. City Market
30. The College Board
31. Crate & Barrel (WFNNB)
32. Crucial
33. David’s Bridal (WFNNB)
34. Dell Australia
35. Dillons
36. Disney Destinations (The Walt Disney Travel Company)
37. Domestications (WFNNB)
38. Dressbarn (WFNNB)
39. Eddie Bauer Friends
40. Eileen Fisher
41. Ethan Allen
42. Eurosport Soccer
43. Express Card (WFNNB)
44. ExxonMobil (Citi)
45. Fashion Bug (WFNNB)
46. FINA (WFNNB)
47. Food 4 Less
48. Fred Meyer
49. Fry’s
50. Gander Mountain (WFNNB)
51. Giant Eagle (WFNNB)
52. Goody’s (WFNNB)
53. Hilton Honors
54. Home Depot (Citi)
55. Home Shopping Network (HSN)
56. J.Crew (WFNNB)
57. J.Jill
58. Jay C
59. Jessica London (WFNNB)
60. JPMorgan Chase
61. Justice  (WFNNB)
62. King Soopers
63. Kroger
64. Lacoste
65. Lane Bryant
66. L.L. Bean Visa (Barclay’s)
67. M&T Bank
68. Marks & Spencer
69. Marriott Rewards
70. Maurice’s (WFNNB)
71. McKinsey & Company
72. MoneyGram
73. My Points Reward Visa (WFNNB)
74. NTB card (Citi)
75. New York & Company
76. OneStopPlus (WFNNB)
77. PacSun (WFNNB)
78. Palais Royal (WFNNB)
79. Peebles (WFNNB)
80. Polo Ralph Lauren
81. PotteryBarn (WFNNB)
82. QFC
83. Quality Health
84. RadioShack (WFNNB)
85. Ralphs
86. Red Roof Inns
87. Reeds Jewelers (WFNNB)
88. Reward Zone
89. Ritz-Carlton Rewards
90. Robert Half International (staffing firm)
91. Scottrade
92. Sears (Citi)
93. Shell (Citi)
94. Smile Generation Financial
95. Smith Brands
96. Sportsman’s Guide (WFNNB)
97. Stage (WFNNB)
98. Stonebridge Life Insurance
99. Target
100. Tastefully Simple
101. TD Ameritrade
102. The Limited (WFNNB)
103. The Place (Citi)
104. TIAA-CREF
105. TiVo
106. Trek (WFNNB)
107. TripAdvisor.com
108. US Bank
109. United Retail Group (WFNNB)
110. Value City Furniture (WFNNB)
111. Verizon
112. Victoria’s Secret (WFNNB)
113. Viking River Cruises
114. Visa
115. Walgreens
116. Woman Within (WFNNB)
117. World Financial Network National Bank (WFNNB)