More Than 100 Companies Affected By Epsilon Data Breach

Two weeks ago Epsilon, a company that sends out 40+ billion emails a year, said it had suffered a data breach but refused to provide details, saying that it “[could not] release the names of its clients.”

Today it seems clear than more than 100 companies were part of this data breach. Most of those affected seem to be financial accounts, that is store- or service-branded credit cards.

Because of the financial nature of the breach, be aware of what is called “spear-phishing” — bogus emails that appear genuine because you can be targeted. Analytical firm Javelin says that people who have been subject to a data breach are four more times likely to be the victim of identity fraud.

What follows is an alphabetical list of companies that have been named informally.

A few things stood out to me as I researched this list:

  • There are a lot of grocery stores/supermarkets on this list.
  • There are a lot of financial institutions/credit cards on this list. Three of the nation’s top 10 banks are on this list: JPMorgan Chase, Citi and U.S. Bank.
  • There are a lot of retailers with credit cards outsourced to World Financial Network National Bank (WFNNB), the “private-label and co-branded credit card banking subsidiary of Alliance Data Systems… WFNNB oversees about 120 million cardholder accounts and roughly $4 billion in receivables.” Texas-based Alliance Data Systems ($2.8B in sales for 2010) owns Epsilon; now I see the finance connection.

Consolidation happens, even when it’s invisible to all but the regulator.

Unfortunately, there are few laws protecting consumer data. For example, you might think that “opting out” of an email list would mean your data would be deleted. False assumption; instead, there’s a “flag” in the database that says “opted out,” according to Jonathan Zittrain. That means your data are stolen even if you’ve opted out. That’s a big #fail.

Epsilon should be required to go public with how many accounts were stolen for a very simple reason: it’s a public company and there are costs associated with lost data. Shareholders have a right to know.

In a widely followed study released in March, Ponemon calculated the average cost of U.S. breaches at $214 per record in 2010, up from $204 in 2009, reflecting that many include financial data.

Report phishing e-mails to reportphishing@antiphishing.org and spam@uce.govOpt-out of Epsilon partner company emails by sending Epsilon an email with specific information or phoning (the best thing to do if you want to pull more than one email address — but remember, it will still be in the database). Time to demand that “out” means “out.”

In part, this list comes from a website set up in response to the Epsilon breach (it is not clear who created this site) as well as BankInfo Security and Krebs On SecurityThere is also info from DataBreaches.net.

Alphabetical List of Companies Affected By The Epsilon Data Breach:

  1. 1-800-FLOWERS
  2. AbeBooks
  3. Abercrombie & Fitch (WFNNB)
  4. Air Miles Reward Program (Canada)
  5. Ameriprise Financial
  6. Ann Taylor (WFNNB)
  7. Arizona Mail Order
  8. AshleyStewart (WFNNB)
  9. Avenue (WFNNB)
  10. BJ’s Visa
  11. Barclays Apple iTunes Visa card
  12. Barclays Bank of Delaware
  13. Beachbody
  14. Bealls (WFNNB)
  15. bebe
  16. Benefit Cosmetics
  17. Best Buy
  18. Best Buy Canada
  19. Blair
  20. Borders
  21. Brookstone
  22. Buckle
  23. Capital One
  24. Catherine’s (WFNNB)
  25. Chadwick’s (WFNNB)
  26. Charter Communications
  27. Chase
  28. Citibank
  29. City Market
  30. The College Board
  31. Crate & Barrel (WFNNB)
  32. Crucial
  33. David’s Bridal (WFNNB)
  34. Dell Australia
  35. Dillons
  36. Disney Destinations (The Walt Disney Travel Company)
  37. Domestications (WFNNB)
  38. Dressbarn (WFNNB)
  39. Eddie Bauer Friends
  40. Eileen Fisher
  41. Ethan Allen
  42. Eurosport Soccer
  43. Express Card (WFNNB)
  44. ExxonMobil (Citi)
  45. Fashion Bug (WFNNB)
  46. FINA (WFNNB)
  47. Food 4 Less
  48. Fred Meyer
  49. Fry’s
  50. Gander Mountain (WFNNB)
  51. Giant Eagle (WFNNB)
  52. Goody’s (WFNNB)
  53. Hilton Honors
  54. Home Depot (Citi)
  55. Home Shopping Network (HSN)
  56. J.Crew (WFNNB)
  57. J.Jill
  58. Jay C
  59. Jessica London (WFNNB)
  60. JPMorgan Chase
  61. Justice  (WFNNB)
  62. King Soopers
  63. Kroger
  64. Lacoste
  65. Lane Bryant
  66. L.L. Bean Visa (Barclay’s)
  67. M&T Bank
  68. Marks & Spencer
  69. Marriott Rewards
  70. Maurice’s (WFNNB)
  71. McKinsey & Company
  72. MoneyGram
  73. My Points Reward Visa (WFNNB)
  74. NTB card (Citi)
  75. New York & Company
  76. OneStopPlus (WFNNB)
  77. PacSun (WFNNB)
  78. Palais Royal (WFNNB)
  79. Peebles (WFNNB)
  80. Polo Ralph Lauren
  81. PotteryBarn (WFNNB)
  82. QFC
  83. Quality Health
  84. RadioShack (WFNNB)
  85. Ralphs
  86. Red Roof Inns
  87. Reeds Jewelers (WFNNB)
  88. Reward Zone
  89. Ritz-Carlton Rewards
  90. Robert Half International (staffing firm)
  91. Scottrade
  92. Sears (Citi)
  93. Shell (Citi)
  94. Smile Generation Financial
  95. Smith Brands
  96. Sportsman’s Guide (WFNNB)
  97. Stage (WFNNB)
  98. Stonebridge Life Insurance
  99. Target
  100. Tastefully Simple
  101. TD Ameritrade
  102. The Limited (WFNNB)
  103. The Place (Citi)
  104. TIAA-CREF
  105. TiVo
  106. Trek (WFNNB)
  107. TripAdvisor.com
  108. US Bank
  109. United Retail Group (WFNNB)
  110. Value City Furniture (WFNNB)
  111. Verizon
  112. Victoria’s Secret (WFNNB)
  113. Viking River Cruises
  114. Visa
  115. Walgreens
  116. Woman Within (WFNNB)
  117. World Financial Network National Bank (WFNNB)

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s