Kroger and Chase suffer data breach and expose customer information [Update]

By using the internet you leave behind little pieces of your identity everywhere. For example, in order to comment on this news story, you have to provide Neowin with your email address. How many sites have your name and email address at a minimum? The answer is probably dozens, if not hundreds, and you rely on companies to keep your personal data hidden from unauthorized access.

Yesterday, Epsilon announced that someone managed to break into their database and retrieve a subset of personal information about customers of their clients. Epsilon provides marketing services for clients and, according to the Dallas Morning News, two of the affected companies are grocery store giant Kroger and bank JP Morgan Chase. In the case of Kroger, names and email addresses of customers were compromised while for JP Morgan Chase, only email addresses were exposed. In both instances, customers are being warned to not open messages from sources that they don’t recognize and that companies will never ask for personal information.

The difficult part of the world today is the realization that doing business with one company means you’re doing business with dozens of companies at the same time. Companies are constantly streamlining their operations and outsourcing processes that are not part of their core competencies, meaning your data is floating between multiple companies that you are probably not even aware of. While this breach was relatively minor, there is a constant risk inherent with providing information on the net.

Update: It looks like reports on a few more companies are rolling in, including US Bank and everyone's favorite DVR manufacturer, TiVo.

Update 2: According to Security Week, it looks like the following companies have been exposed (so far): Kroger, TiVo, US Bank, JP Morgan Chase, Capital One, Citi, Home Shopping Network, McKinsey & Company, Ritz-Carlton Rewards, Marriott Rewards, New York & Company, Brookstone, Walgreens, and The College Board

Update 3: The list grows - Best Buy, Ameriprise Financial, L. L. Bean Visa, and Disney Destinations have been added. It's probably safe to say that there will be dozens more as well.

TiVo® Service Announcement     

Dear TiVo Customer,

Today we were informed by our email service provider that your email address was exposed due to unauthorized access of their system. Our email service provider deploys emails on our behalf to customers who have opted into email-based communications from us.

We were advised by our email service provider that the information that was obtained was limited to first name and/or email addresses only. Your service and any other personally identifiable information were not at risk and remain secure.

Please note, it is possible you may receive spam email messages as a result. We want to urge you to be cautious when opening links or attachments from unknown third parties.

We regret this has taken place and apologize for any inconvenience this may have caused you. We take your privacy very seriously, and we will continue to work diligently to protect your personal information.

If you have unsubscribed in the past, there is no need to unsubscribe again. Your preferences will remain in place.

The TiVo Team



Report a problem with article
Previous Story

Sony president slips up, released info about 8MP iPhone 5 camera

Next Story

Sudden closure of many Windows 8 based sites and twitter feeds; Microsoft not involved [Update]


Commenting is disabled on this article.

just received an email from TiVo as well. same problem Name and email were exposed.
ah, didn't see the update in the main post. well, I can confirm...

got a couple of notices these past couple of days....must be one group responsible.....anon most likely....hope they burn them at the stake

Windows7even said,
got a couple of notices these past couple of days....must be one group responsible.....anon most likely....hope they burn them at the stake

What makes you jump to say Anonymous, given that Anonymous has never done anything like this in the past? Anonymous isn't even truly a group, if you understand them. This is probably an attack originating from Russia or one of the former soviet countries, which is fairly common.

Yeah, I got an e-mail from Kroger yesterday about this. Fortunately all they got was names and e-mail addresses, no really "private" info such as addresses or phone numbers.

I can't help but notice that most of the recent data breaches have been through marketing companies. Something needs to be done about everyone and their grandma's cat handing my information over to these services 'for my benefit.'