Epsilon Email Address Breach

If you are like me, you probably received an email or two (or more) talking about the Epsilon Email Address Breach. Not sure if this is true or not? Unfortunately it is. I wanted to share a write-up that a co-worker wrote that explains what this all means. I asked for permission to share this with you, and he said yes!

Epsilon Email Address Breach

Many of you may have received “Breach Notification” emails recently from companies that you do business with either professionally or personally. The breach occurred at Epsilon, a third-party vendor that provides “Cloud based” direct marketing services to many different companies. These companies include Capital One, Kroger, JPMorgan Chase, Citi, Walgreens, TD Ameritrade, The College Board (SAT/ACT) and MANY others.

The Epsilon breach resulted in the disclosure of customers’ email addresses, names and the company they did business with. At this point, no financial information, social security numbers, credit cards, or password information was accessed. However, the information obtained will likely result in large-scale “spear phishing” attacks which will be directed against the email addresses obtained.

Phishing is a type of email scam designed to steal personal data, such as credit card numbers, passwords, account data or other sensitive information. Generally the email scam will be constructed to look as real as possible, but in reality, it is a ruse to trick you into providing personal information.

Unfortunately, with this latest breach the resulting phishing emails will be tailored specifically to YOU and difficult to discern as being an email scam. This is because the data obtained provides not only your name and email address but also additional info, such as: you shop at Kroger, you conduct financial business with Citi or TD Ameritrade or have had a prescription filled at Walgreens. The scam email will be addressed to you specifically and will be “from” a company that you do business with. The email will ask you for some sort of personal information or ask you to click a link to confirm your information. Please know that legitimate companies will NEVER ask you to provide sensitive information via an email or link.

Review the list of affected companies found here. If a company you do business with is listed, please check the company’s website for further guidance. Additionally, be suspicious of any future emails you receive from these companies and do NOT provide any sensitive information such as your account number, login information, credit card number, SSN or other personal information based on an email. If you are directed to access your account with the given company in the email, do NOT click on any links in the email. Instead, go directly to the website from your browser. If you ever have ANY doubt about the legitimacy of an email, simply call the company in question and ask them. These precautions should be taken even if companies you do business with are NOT listed on the page referenced above.

For additional information on this particular incident, please refer to the articles below:

Be Well.
The Gratitude Guru


  1. Ann on April 7, 2011 at 5:50 pm

    Thank you for this clear article – and for the list of companies affected.

  2. Menka on April 8, 2011 at 8:15 am

    Thank you Savior.
