Email Data Breach Affects Credit-Card Issuers, Best Buy, TiVo, More

A data breach at third-party marketer Epsilon has exposed the e-mail addresses and names of customers at major credit-card issuers, Best Buy, TiVo, and more - potentially leaving users open to phishing attacks.

An unauthorized entry into Epsilon's email system occurred on March 30, the company said in a statement.

"The information that was obtained was limited to email addresses and/or customer names only," Epsilon said. "A rigorous assessment determined that no other personal identifiable information associated with those names was at risk. A full investigation is currently underway."

Best Buy and TiVo, as well as JPMorgan Chase, Citi, Capital One, and more said in statements that they were notified by Epsilon of the breach.

"Best Buy has been informed that the compromised files did not include any personally identifiable information," the company said. "As always, we are actively communicating with our customers, including providing them with information about how to help protect themselves from potential fraudulent activity. Customers are reminded to ignore emails asking for confidential information."

"Epsilon does not have access to service information or credit card details and all such personally identifiable information remains secure," according to TiVo.

In an email to customers, Citi said that Epsilon is "a third-party vendor that provides marketing services to a number of companies."

Given that the hackers have access to user email addresses, Citi and others warned users of potential phishing attacks, and told customers not to reply to emails that require you to enter personal information.

Other companies reportedly involved in the breach include Walgreens, US Bank, Disney, Home Shopping Network, McKinsey & Company, Ritz-Carlton Rewards, Marriott Rewards, New York & Company, Brookstone, and The College Board.

In a statement, security firm McAfee said that while the hackers only obtained email addresses and names, "the bad news is that clever attackers could use what has been breached to gain more information."

"This collection could be a treasure trove for cyberattackers who could use the information to con unsuspecting individuals out of more valuable information such as credit card numbers and home addresses," McAfee warned.

This would most likely happen via a phishing attack, and McAfee cautioned users to be cautious of emails asking people to confirm recent orders or to reconfirm payment.

About Our Expert

Chloe Albanesius

Executive Editor, News

My Experience

I started out covering tech policy in DC for The National Journal, where my beat included state-level tech news and all the congressional hearings and FCC meetings I could handle. I later covered Wall Street trading tech before switching gears to consumer tech. I now lead PCMag's news coverage.

My Areas of Expertise

Getting my start in DC means I still have a soft spot for tech policy; Congressional hearings can sometimes be as entertaining as a Bravo reality show, for better or worse. But PCMag is all about the technology we use every day, as well as keeping an eye out for the trends that will shape the industry in the years ahead (or flop on arrival). I've covered the rise of social media, the iOS vs. Android wars, the cord-cutting revolution that's now left us with hefty streaming bills, and the effort to stuff artificial intelligence into every product you could imagine. This job has taken me to CES in Vegas (one too many times), IFA in Berlin, and MWC in Barcelona. I also drove a Tesla 1,000 miles out west as part of our Best Mobile Networks project. Of late, my focus is on our hard-working team of reporters at PCMag, guiding and editing their robust coverage.

Read the latest from Chloe Albanesius

Read full bio