Print 26 comment(s) - last by Gzus666.. on Apr 5 at 7:52 PM

An email database of TiVo subscribers has been lost from a leading corporate email service provider -- but that's just the tip of the iceberg...  (Source: Gawker)

Chase Bank, Kroger, Walgreen's, Kraft Foods, India's Jet Airways, New York and Company and more may also be affected.  (Source: Complain About)
Other organizations that use email service provider include Kraft and Jet Airways

TiVo, Inc. (TIVO) recently announced to customers that its email services provider, Epsilon Data Management, LLC had suffered a serious data breach.  

The Alviso, Calif.-based company writes:

Dear TiVo Customer,

Today we were informed by our email service provider that your email address was exposed due to unauthorized access of their system.  Our email service provider deploys emails on our behalf to customers who opted into email-based communications from us.

We were advised by our email service provider that the information that was obtained was limited to first name and/or email addresses only.  Your service and any other personally identifiable information were not at risk and remain secure.
Please note, it is possible you may receive spam email messages as a result.  We want to urge you to be cautious when opening links or attachments from unknown third parties.

We regret this has taken place and apologize for any inconvenience this may have caused you.  We take your privacy very seriously and we will continue to work diligently to protect your personal information.

If you have unsubscribed in the past, there is no need to unsubscribe again.  Your preferences will remain in place.

The TiVo Team

Epsilon is not the only major email services provider to be hacked in recent months.  SilverPop Systems, Inc., a rival firm recently had a large scale intrusion and lost customer email databases belonging to McDonald's Corp. (MCD), Walgreen Company (WAG), and deviantArt LLC.

Clothing boutique chain New York & Company (NWY), another Epsilon customer, also revealed to customers that it was affected by the breach.  

According to a report in SecurityWeek, other customers that had their databases lost in the breach include US Bank, JPMorgan Chase & Co. (JPM); Verizon Communications, Inc. (VZ);Capital One Financial Corp. (COF); Marriott International, Inc. (MAR); the Ritz-Carlton Hotel Company LLC; Citigroup, Inc. (C); Brookstone, Inc.; McKinsey & Co., Inc.; the Kroger Comp. (KR); and Walgreen Comp. (again!).  These organizations have not all confirmed the breach, though several have announced that they are investigating whether data was lost.

A quick Google search reveals India's Jet Airways (632617) and Kraft Foods Inc. (KFT) are also customers of Epsilon.  It is unclear whether their databases were compromised, but customers who have given their emails to these firms should beware

In theory, as the TiVo email alludes to, the primary motivation for such attacks would be to collect addresses for a spamming campaign.  A lesser possibility is that the intrusions were conducted by hackers looking to test their skills and less interested in what they found.

If there's one lesson from this story, it's that while it's okay to give your email to marketers, it's wise to use a dedicated account for this purpose, with a non-standard password so as to provide yourself with an extra layer of online security.

Updated: Monday, April 4, 2011, 11:42 a.m. --

Readers are reporting that Best Buy Co., Inc. (BBY) also is emailing customers telling them that its email service provider (surprise!) Eclipse has lost their information.  Customers subscribed to the Rewards Zone program are likely effected.

As email service providers like SilverPop and Eclipse tend to keep their contracts semi-confidential, this may not be the last of the additional firms we discover to be affected.

Updated 2: Monday, April 4, 2011, 2:00 p.m. -- 

As we predicted, there are more victims of the breach.

Apparently staffing firm Robert Half International Inc. (RHI) and Ameriprise Financial, Inc. (AMP) were also Epsilon customers.  Both firms have sent emails warning users that their information may have been lost.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

Robert Half
By fleshconsumed on 4/4/2011 12:56:37 PM , Rating: 4
Robert Half too. A technology recruiting firm that can't handle their own mailing lists? Does this not inspire confidence?

RE: Robert Half
By FITCamaro on 4/4/2011 1:07:04 PM , Rating: 3
Lol yeah. I was less than impressed with them though when I interviewed with them about 4-5 years ago. How someone's memorization of the .NET API says they're a good programmer is beyond me.

RE: Robert Half
By Ilfirin on 4/4/2011 1:40:20 PM , Rating: 2
Yeah that generally is a bad reason to not hire someone - although, if it was for a lead position, you do generally want at least 1 person on the team with extraordinary domain-specific knowledge (in addition to phenominal general problem solving skills) to the technologies you're working with (.NET in this case).

Other than that you're more than likely excluding the best applicants.

RE: Robert Half
By Ilfirin on 4/4/2011 1:43:14 PM , Rating: 3
That being said, it's no surprise - every recruiting firm only ever cares about techno buzz words that have no coorelation to finding good hires.

That's also why most developers these days have every single techno buzz word they've ever heard of in one part of their resume.

.. and also why resumes don't really tell you sh*t about an applicant and recruiters are usually part of the problem, not the solution.

RE: Robert Half
By fic2 on 4/4/2011 6:29:01 PM , Rating: 2
I had a recruiter years ago that was trying to pronounce TCP/IP - "they are looking for someone that knows TPICP or something like that". Although I am not sure he even got that close.

RE: Robert Half
By Gzus666 on 4/4/2011 7:47:00 PM , Rating: 1
You haven't dealt with good recruiters then. I have dealt with bad ones and good ones. The good ones have the ability to notice talent without just checking buzz words.

I have gone through people that blow past me cause I don't have 10 years of experience, then I get other people who talk to me for a bit, put me in front of the hiring managers and technical people and I knock it out of the park for them. I had two companies fighting for me because of how well I did in the interviews, both called back within a few hours of the interview to hire me. The big reason I got in front of them was because of good recruiters (granted I'm loaded with Cisco certs and know how to talk to people, but that isn't everything).

Now, the reason I knock it out of the park in the interviews is because I'm damn good at what I do (I'm super humble if you didn't notice), but it is hard to put that into a resume no matter who you are.

RE: Robert Half
By Ilfirin on 4/4/2011 9:16:24 PM , Rating: 2
I was speaking from the perspective of someone doing the hiring - I'm part owner & head the product development of one company while simultaneously being the principal owner and product manager of another.

While I have had good experience with recruiters early in my career while looking for jobs (they're people that get paid by someone who isn't you to get you hired - I thought that was amazing when I was on the other end of the stick), the experience is usually much less enjoyable for the purpose of doing hiring. For one, most of the top talent out there do not use recruiters. In fact, recruiters usually annoy them non-stop with job offers (I don't even have a resume out there and I am constantly bombarded with recruiter e-mails on a daily basis - and then just logging into facebook I get 12 different job ads per screen I go to).

In practice, what usually happens is several recruiters contact you and all try and sell you as hard as they possibly can on believing that their candidates are the best so that they get the check at the end of the day and not the other guys. They don't actually care about the quality of the applicant, just that they last long enough to get past whatever terms were in the recruiter's contract such that he/she gets paid.

So what happens is you end up spending a lot of money for a mediocre employee that demoralizes your whole team full of stars.

RE: Robert Half
By Gzus666 on 4/5/2011 7:52:02 PM , Rating: 2
I guess I'm confused as you are making silly sweeping judgements about an entire group of people based on just your dealings. My question is if you are hiring these people and they suck, aren't you really to blame? I mean you are bound to get a few bad apples out of any batch, that is just reality, but if it is so bad you blame all recruiters, maybe (likely) it is you.

I have worked for places that hired through recruiting agencies, some sucked, some were amazing employees. They can't filter perfectly, they aren't there to do so anyway. A recruiter is there to try to find you talent so you don't have to, then you filter the good from the bad.

Lastly, where do you get the idea that top talent don't use recruiters? I know people all over in the technical field that do nothing but contracts through recruiters and plenty of good people who get hired on by a recruiter. Recruiting agencies are just there to offload the hunting work.

If you have this much of an issue with recruiters, maybe you need to look within, cause I have never heard this sort of complaint from any hiring manager about recruiters. Then again, maybe it is the way you deal with recruiters, a lot of the ones I have dealt with are either major or exclusive recruiters for the company, so they have a good relationship with the hiring firm and therefore are more worried about their reputation when sending people over.

RE: Robert Half
By fleshconsumed on 4/4/2011 2:46:03 PM , Rating: 3
Quick google search says there are more than a hundred namespaces and around 3000 public classes in .NET framework. Expecting anyone, even a senior developer, to memorize just a fraction of it, including all the methods and various overloads is insanity.

RE: Robert Half
By Ilfirin on 4/4/2011 9:37:09 PM , Rating: 1
For the record I said "extraordinary domain-specific knowledge", not memorization. Memorizing something that you can google quicker than access your own brain is just a waste of neurons.

The point being that, when choosing whose going to lead and teach your whole team of developers down their Silverlight/.NET Windows Azure journey the best DOS-era C programmer in the world is not usually going to be the best choice. They're simply going to spend too much time learning the semantics of the language and technologies to be able to inspire confidence in the team they lead that all likely know more than they do about the specific problem at hand. No matter how genius they are.

6 months into the job (say, after the first release) they very well could be but not on the onset - not if you want to ship on time at least.

For all other positions that *aren't* the lead programmer, none of that means squat. Then you're just looking for smart people that actually get shit accomplished and don't sit there all day in architecture astronaut space theorizing about special relativity's relevance to software design.

RE: Robert Half
By fleshconsumed on 4/5/2011 8:30:08 AM , Rating: 2
Ah, ok, I just misunderstood you. I was simply pointing out that knowing what namespace each class belongs to does diddly squat. Just the other day I had to look up namespace for binary serializer class, it was annoying to stop in the middle of coding to look it up, but it was in no way a showstopper.

Best Buy Reward Zone
By cyriene on 4/4/2011 11:29:57 AM , Rating: 2
I also received an email from Best Buy Reward Zone indicating:

"files containing the email addresses of some Best Buy customers were accessed without authorization.

We have been assured by Epsilon that the only information that may have been obtained was your email address and that the accessed files did not include any other information."

RE: Best Buy Reward Zone
By Gungel on 4/4/2011 11:56:42 AM , Rating: 2
add to that list Ameriprise Financial.

RE: Best Buy Reward Zone
By FITCamaro on 4/4/2011 1:05:47 PM , Rating: 2
Add Robert Half to the list as well. Got an email from both BB and them.

RE: Best Buy Reward Zone
By Etern205 on 4/4/2011 3:27:57 PM , Rating: 2
Got the same e-mail from Best Buy, but I've never activated my account the last time I've went there and that was a few months ago.

RE: Best Buy Reward Zone
By fic2 on 4/4/2011 6:30:09 PM , Rating: 2
Add AbeBooks to the list.

By TechIsGr8 on 4/4/2011 12:23:03 PM , Rating: 4
Thanks, outsourcing, you've served us all well.

RE: Yay
By ApfDaMan on 4/4/2011 12:29:57 PM , Rating: 4
Yay for the cloud.

Best Buy Too
By AstroCreep on 4/4/2011 11:32:34 AM , Rating: 2
I received one of these e-mails from Best Buy this morning.
I tried to copy/paste the message here, but the DailyTech forum says "This comment is apparently spam and we do not allow spam comments.".

In any event, it says Epsilon was breached and someone accessed their e-mail address database, but no other data.
They then (conveniently) suggest visiting a Geek Squad page with tips for keeping my data safe.

RE: Best Buy Too
By MrTeal on 4/4/2011 1:48:27 PM , Rating: 4
They then (conveniently) suggest visiting a Geek Squad page with tips for keeping my data safe.

I'm surprised they didn't try to sell you on an extended service plan for future data safety. Only $49.95, and the next time their data security is breached they'll offer you a new email address, free.

Down play
By Uncle on 4/4/2011 3:56:05 PM , Rating: 2
Watch these companies collectively down play this situation.

RE: Down play
By *kjm on 4/4/2011 4:19:46 PM , Rating: 2
Add Hilton to the list:(

RE: Down play
By fic2 on 4/5/2011 12:58:45 PM , Rating: 2
Yep, got an email from Hilton rewards last night.

By Arsynic on 4/4/2011 11:45:28 AM , Rating: 3
Reward Zone customer as well.

Robert Half staffing got hit too...
By aebiv on 4/4/2011 1:05:51 PM , Rating: 2
I got this last night:

Dear Valued Customer, Today we were informed by Epsilon Interactive, our national email service provider, that your email address was exposed due to unauthorized access of their system. Robert Half uses Epsilon to send marketing and service emails on our behalf.

College Board
By Conner on 4/4/2011 4:25:50 PM , Rating: 2
I got the same email from the SAT company College Board. So now what? More spam?
We have been informed by Epsilon, the vendor that sends email to you on our behalf, that your e-mail address may have been exposed by unauthorized entry into their system.

Epsilon has assured us that the only information that may have been obtained was your first and last name and e-mail address. REST ASSURED THAT THIS VENDOR DID NOT HAVE ACCESS TO OTHER MORE SENSITIVE INFORMATION SUCH AS SOCIAL SECURITY NUMBER OR CREDIT CARD DATA.

Please note, it is possible you may receive spam e-mail messages as a result. We want to urge you to be cautious when opening links or attachments from unknown third parties.

In keeping with standard security practices, the College Board will never ask you to provide or confirm any information, including credit card numbers, unless you are on a secure College Board site.

Epsilon has reported this incident to, and is working with, the appropriate authorities.

We regret this has taken place and apologize for any inconvenience this may have caused you. We take your privacy very seriously, and we will continue to work diligently to protect your personal information.


The College Board

What are the appropriate authorities to work with?

"We are going to continue to work with them to make sure they understand the reality of the Internet.  A lot of these people don't have Ph.Ds, and they don't have a degree in computer science." -- RIM co-CEO Michael Lazaridis
Related Articles

Most Popular ArticlesFree Windows 10 offer ends July 29th, 2016: 10 Reasons to Upgrade Immediately
July 22, 2016, 9:19 PM
Top 5 Smart Watches
July 21, 2016, 11:48 PM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki