Epsilon Data Breach: Is This the New Normal?

by Kay Lynn

The emails started coming on Sunday evening.  It was from Ameriprise which is an insurer we no longer use.  The next day emails from five additional companies arrived all with the same message.

data security

Epsilon, their third party marketing services vendor, had experienced a security breach and names and email addresses were stolen of some customers.  The companies were all quick to explain that account information was not compromised.  It must have satisfied most people because I never heard anyone talking about it at the proverbial water cooler this week.

Why You Should be Concerned

There are two ways the data thieves could use your information.  Most commonly talked about is for phishing.

Phishing emails appear to be from the company you do business with, but emails “fishing” for your private data.  The goal is to get you to give out sensitive information such as your social security number or credit card information by having you enter it in a look-alike website.

The thieves could also pose as you at the company’s website and submit a lost password request.  Most companies will no longer show passwords on screen and only send them via email or text message.

What You Can Do

There are numerous steps you can take to protect yourself.  The first is to use another email account for the companies that indicated your email account was compromised.  Or if you no longer do business with that company, remove yourself from their mailing list.   By removing myself from the company’s list, it would be highly suspicious when I get an email.  Other ideas include:

1. Don’t use your email address as a login for accounts.  Create a separate login name.  Unfortunately too many websites still use email without another option.

2. Don’t provide your online user ID or password in email to anyone.  The company will never send you an email asking you to verify it via email.

3. Don’t respond to emails requesting personal information be entered directly into the email or a URL.  Companies will not close your account because you didn’t click on a URL to enter personal information.  If you think an email is valid but are not sure, go to the website directly, not from an emailed URL, and login to your account.


Fighting cyber-crime will be an ongoing process for companies and consumers.   Be vigilant and practice habits that protect your information.  What other advice should Epsilon victims heed?

Related Posts Plugin for WordPress, Blogger...


Gianna April 8, 2011 at 9:35 am

I must have gotten about 10 of these in the past week. I started unsubscribing but who knows who has my information now. This is the first i’ve read about it anywhere.

krantcents April 8, 2011 at 9:44 am

Good advice! I have become very suspicious of all emails lately not because of this breach, but in general.

MoneyCone April 8, 2011 at 1:43 pm

I got a few of these too! Amazing how many companies rely on one provider for their ‘mailing-list’ services!

But this is the new reality. Nothing online is really safe – even the mighty Google was hacked. So much that they decided to quit China than fight it!

The only advice I have is never click on any link if it is from a financial institution. Always login to your account by typing it in your browser if you need to check anything.

Money Reasons April 8, 2011 at 10:24 pm

Isn’t it horrible the things the bad guys do to steal our identities. Mostly it seems the victims are the elderly that aren’t very good with computers that gets hit the hardest!

One additional step, sometimes the bad guys modify your host file so that an url will go to the bad guy’s sites instead of a legitimate site. You should call the company directly to confirm that the email was real.

You might also want to check with a techie friend to make sure your host file is clean! Hmm, I think maybe I’ll add this bit of information to my Saturday post, just for those that don’t know many techies…

Buck Inspire April 9, 2011 at 9:56 am

Great service you are doing reminding people of identity thieves. Any legit company would never send you email asking for sensitive data because email is quite insecure. Ignore them at all cost. If you are curious, you can mouse over their weblinks and see that it actually goes somewhere else. Don’t fall for it!

Amanda L. Grossman April 9, 2011 at 6:19 pm

I received two different emails this week because of this. I was surprised because it came from my bank, and also from Kroger (the bank surprised me much more).

Melrose April 9, 2011 at 6:52 pm

Just received my 6th notice a few minutes ago. I am beginning to think Epsilon is the only third party marketing services vendor out there because everyone I have ever dealt with seems to use them.

Barb Friedberg April 10, 2011 at 5:54 am

I only got 2 of the emails. Luckily fraudulent credit cards are only liable for $50; but stolen Identity is a huge nightmare i wouldn’t wish on anyone.

Little House April 11, 2011 at 6:58 am

I think we just have to be more suspicious of the emails we receive. It’s also good to look at the email address the email is coming from. For instance, I sometimes receive an email from PayPal saying my account has been restricted and to click on a link. PayPal won’t ever send an email such as this so I know better than to respond. If I check the email address it’s coming from, it often looks suspicious. I think the key is not to ever respond to an email with personal information!

Doable Finance April 11, 2011 at 8:13 am

Not just the elderly are targeted the most, everyone who has an email occasionally gets phished. As humans we all have soft spot and the scammers just take advantage of it.

Comments on this entry are closed.

{ 2 trackbacks }

Previous post:

Next post: