Epsilon Email Break-In... Updated List of Affected Companies

« DOJ and FBI flex muscles: Takedown of international botnet | Main | For Crying out Loud... Password Protect Your Wireless Router! »


Epsilon Email Break-In... Updated List of Affected Companies

Kevin R. Smith

It comes as no surprise that a lot of people and businesses have been affected by the Epsilon break-in.

What may be a surprise to some is the breadth of the affected industries. In our previous blog on the Epsilon break-in, I said,

It's just about every type of business imaginable, and chances are very, very, very high you've dealt with at least one of these companies.

Given the growing size of the list, that looks more true than ever.  Take a look at the list below.

If you have an account with one of these banks or have shopped with one of these retailers/e-tailers, you're more susceptible to a highly targeted spear-phishing attack.

They know your name and email address, and they know the banks, credit card companies, and other financial institutions you deal with. They know where you've shopped.

You, like me, are a prime target for someone looking to contact you by email and trick you into giving up your highly confidential information or steal from you. It's a fact. Because they know more about you, it's much, much easier to gain your trust.

Today, I came across this updated list of companies affected by the Epsilon Breach at CAUSE.org (The Coalition Against Unsolicited Commercial Email). [Thanks to CAUSE.org for doing the tremendous leg work to put this list together.]


Banks/Financial Institutions
  • Ameriprise
  • American Express
  • Barclay's L.L. Bean Visa card
  • Barclays Bank of Delaware
  • Best Buy Canada Reward Zone
  • BJ's Visa
  • Capital One
  • Catherine's card
  • Citi
  • Express card
  • ExxonMobil card
  • Home Depot card
  • JPMorgan Chase
  • MoneyGram
  • MyPoints Reward Visa
  • NTB card
  • Scottrade
  • Smile Generation Financial
  • Stonebridge Life Insurance
  • TD Ameritrade
  • US Bank
  • Victoria's Secret card
  • Visa
  • World Financial Network National Bank

    Retailers / e-Tailers
  • 1-800-FLOWERS
  • Abe Books
  • Abercrombie & Fitch
  • AIR MILES Reward Program (Canada)
  • Ameriprise
  • Ann Taylor
  • AshleyStewart
  • Avenue
  • Beachbody
  • bebe
  • Benefit Cosmetics
  • Best Buy
  • Borders
  • Brookstone
  • Chadwick's
  • Charter Communications
  • City Market
  • College Board
  • Crate & Barrel
  • Crucial
  • David's Bridal
  • Dell Australia
  • Dillons
  • Disney Destinations (The Walt Disney Travel Company)
  • Domestications
  • Dressbarn
  • Eddie Bauer Friends
  • Eileen Fisher
  • Ethan Allen
  • Eurosport Soccer
  • Fashion Bug
  • Food 4 Less
  • Fred Meyer
  • Fry's
  • Gander Mountain
  • Giant Eagle
  • Giant Eagle Fuelperks
  • GlaxoSmithKline Consumer Healthcare
  • Hilton Honors
  • Home Shoppers Network (HSN)
  • J.Crew
  • J.Jill
  • Jay C
  • Jessica London
  • Justice
  • King Soopers
  • KingSize Direct
  • Kroger
  • Lacoste
  • Lane Bryant
  • Marks & Spencer
  • Marriott Rewards
  • Maurice's
  • McKinsey Quarterly
  • New York & Company
  • OneStopPlus
  • PacSun
  • Palais Royal
  • Polo Ralph Lauren
  • PotterBarnKids
  • PotteryBarn
  • QFC / Quality Food Centers
  • QualityHealth
  • Radio Shack
  • Ralphs
  • Red Roof Inn
  • Reeds Jewelers
  • Ritz-Carlton Rewards
  • Robert Half International
  • Sears
  • Shell
  • Smith Brands
  • Sportsman's Guide
  • Stage
  • Target
  • Tastefully Simple
  • The Limited
  • The Place
  • TiVo
  • Trek
  • TripAdvisor.com
  • United Retail Group
  • Value City Furniture
  • Verizon
  • Viking River Cruises
  • Walgreens
  • Woman Within

  • For the companies involved, there's no shame in my opinion. They put their trust in a company with, at that point, an excellent record for systems and information security. 

    It just so happens that even with that, someone (or more likely a group) broke into their systems and stole the data Epsilon had been recording, storing, and using on their customers' behalves.

    Is Epsilon to blame, definitely, but I don't feel the companies are. Outsourcing to what you believe is a competent third party is often not just a good but actually the best business decision.

    It really doesn't make sense for most companies to spend the time and resources to devote to something as mundane as email address collection and marketing. It really doesn't.

    No matter how good each individual company's staff gets, because of the scale of Epsilon's operations, they see more, and so they're more likely to make the right decisions about security.

    What this really boils down to is a question of personal responsibility. Each of us, as individual consumers and businesses, need to be smart about what we do with our information and what to do when we're contacted.

    That means thinking before you click. Thinking before you type. And thinking before you hit "submit" on a form.

    And it also means keeping your PC patched and your antivirus software up to date, too. Together, being smart about what you do online and keeping your PC secure can be just the difference between being safe and being someone's identity theft prey.


    You can follow this conversation by subscribing to the comment feed for this post.

    The comments to this entry are closed.