By using the internet you leave behind little pieces of your identity everywhere. For example, in order to comment on this news story, you have to provide Neowin with your email address. How many sites have your name and email address at a minimum? The answer is probably dozens, if not hundreds, and you rely on companies to keep your personal data hidden from unauthorized access.
Yesterday, Epsilon announced that someone managed to break into their database and retrieve a subset of personal information about customers of their clients. Epsilon provides marketing services for clients and, according to the Dallas Morning News, two of the affected companies are grocery store giant Kroger and bank JP Morgan Chase. In the case of Kroger, names and email addresses of customers were compromised while for JP Morgan Chase, only email addresses were exposed. In both instances, customers are being warned to not open messages from sources that they don’t recognize and that companies will never ask for personal information.
The difficult part of the world today is the realization that doing business with one company means you’re doing business with dozens of companies at the same time. Companies are constantly streamlining their operations and outsourcing processes that are not part of their core competencies, meaning your data is floating between multiple companies that you are probably not even aware of. While this breach was relatively minor, there is a constant risk inherent with providing information on the net.
Update: It looks like reports on a few more companies are rolling in, including US Bank and everyone's favorite DVR manufacturer, TiVo.
Update 2: According to Security Week, it looks like the following companies have been exposed (so far): Kroger, TiVo, US Bank, JP Morgan Chase, Capital One, Citi, Home Shopping Network, McKinsey & Company, Ritz-Carlton Rewards, Marriott Rewards, New York & Company, Brookstone, Walgreens, and The College Board
Update 3: The list grows - Best Buy, Ameriprise Financial, L. L. Bean Visa, and Disney Destinations have been added. It's probably safe to say that there will be dozens more as well.
TiVo® Service Announcement
Dear TiVo Customer,
Today we were informed by our email service provider that your email address was exposed due to unauthorized access of their system. Our email service provider deploys emails on our behalf to customers who have opted into email-based communications from us.
We were advised by our email service provider that the information that was obtained was limited to first name and/or email addresses only. Your service and any other personally identifiable information were not at risk and remain secure.
Please note, it is possible you may receive spam email messages as a result. We want to urge you to be cautious when opening links or attachments from unknown third parties.
We regret this has taken place and apologize for any inconvenience this may have caused you. We take your privacy very seriously, and we will continue to work diligently to protect your personal information.
If you have unsubscribed in the past, there is no need to unsubscribe again. Your preferences will remain in place.
The TiVo Team