Scope (?):  All Topics
midget
professor
5 3 2
10 6 2
Hot or Not?
13

Massive Email Database Breach - Multiple Retailers Affected

submitted on April 2, 2011 by midget in "Stores / Merchants"
Update: Apparently hundreds of businesses are affected including 7 of the Fortune 10. Refer to the additional sources below for more details.

New York & Company, Inc. (the “Company”) [NYSE: NWY], a specialty apparel chain with 555 retail stores, announced today that it was informed by Epsilon, a third-party vendor used to manage email communications, that Epsilon had a breach of its database that stores customers’ names and email addresses only. The Company was advised by Epsilon that the files accessed did not include any customer financial information, and Epsilon has stressed that the only information accessed was names and email addresses.

The Company is currently in the process of advising its affected customers of the incident and urges customers to use caution when opening links or attachments from unknown third parties. New York & Company also reminds its customers that it will never ask for personal information in an email.

New York & Company apologizes to customers for any inconvenience that this may cause.


http://faq.nyandcompany.com/?cid=200001
http://www.businesswire.com/ne.....ase-Breach

Additional sources:
http://news.cnet.com/8301-1009_3-20050068-83.html
http://www.securityweek.com/ma.....jor-brands
        

Favorite
  Comments
  • 110008
    HouTex
    admin
    Posted by HouTex on April 2, 2011
    [reply] 2 0
    We may hear about more stores affected by this if they also use Epsilon to manage their email.

    Yesterday Kroger announced the same thing, that their email database had been breached. http://www.dailymarkets.com/st.....se-breach/
    http://www.kroger.com/Pages/email_faq.aspx

    I think many people overlooked Kroger's announcement, since it was April Fool's Day.
      110017
    • midget
      professor
      5 3 2
      10 6 2
      Posted by midget on April 2, 2011
      [reply] 4 0
      I wasn't aware of the Krogers announcement but they certainly picked a bad day to release it.
  • 110014
    clover
    professor
    1 6 7
    12 11 2
    Posted by clover on April 2, 2011
    [reply] 2 0
    Time to remove myself from all of the recent sites I added myself to! The deal sites I don't need because I can just see them on Buxr!
  • 110026
    DebsFreebies
    professor
    2
    10 5 1
    Posted by DebsFreebies on April 2, 2011 [reply] 0 0
    I got that email from NYandC today
  • 110027
    DebsFreebies
    professor
    2
    10 5 1
    Posted by DebsFreebies on April 2, 2011
    [reply] 2 0
    Looks like TiVo is another victim....just got an email from them and I haven't been a customer in over 3 years!
  • 110028
    DebsFreebies
    professor
    2
    10 5 1
    Posted by DebsFreebies on April 2, 2011 [reply] 0 0
    Add HSN to the list...
  • 110041
    sandyshore
    professor
    2 1
    12 8 1
    Posted by sandyshore on April 3, 2011
    [reply] 1 0
    An article referencing other breaches...

    http://news.cnet.com/8301-1009_3-20050068-83.html
  • 110043
    YanBz
    admin
    Posted by YanBz on April 3, 2011
    [reply] 2 0
    Affected businesses:

    • TiVo
    • Marriott Rewards
    • Ritz-Carlton Rewards
    • US Bank
    • JPMorgan Chase
    • Capital One
    • Citi
    • McKinsey & Company
    • New York & Company
    • Brookstone
    • Kroger
    • Walgreens

    Source: http://www.securityweek.com/ma.....jor-brands
      110067
    • anand
      professor
      3 9
      10 9 2
      Posted by anand on April 3, 2011 [reply] 0 0
      Sad
    • 110068
    • CouponNut
      deity
      23 14 8
      12 10 2
      Posted by CouponNut on April 3, 2011
      [reply] 1 0
      Yes, Chase actually called me on the phone to tell me the news.
  • 110044
    YanBz
    admin
    Posted by YanBz on April 3, 2011
    [reply] 1 0
    I updated the title to reflect that not only NY&C is affected
  • 110047
    josetring
    master
    Posted by josetring on April 3, 2011
    [reply] 2 0
    Got an email from HSN
      110051
    • webbyone2010
      professor
      1
      Posted by webbyone2010 on April 3, 2011
      [reply] 2 0
      So did I. Knew there had to be a breach.
  • 110121
    2kidsnuts
    professor
    10 8 2
    Posted by 2kidsnuts on April 3, 2011
    [reply] 2 0
    I got one from HSN too.
  • 110191
    jack69darin
    professor
    11 2 1
    Posted by jack69darin on April 4, 2011
    [reply] 1 0
    Best Buy Rewards and Hilton Honors just emailed me!
      110197
    • orangearrows
      professor
      2 3
      7 1 1
      Posted by orangearrows on April 4, 2011 [reply] 0 0
      Got Best buy email Sad . WTH is going on ...
  • 110199
    jack69darin
    professor
    11 2 1
    Posted by jack69darin on April 4, 2011
    [reply] 1 0
    I'm preparing to get blasted with a ton of spam soon! Twisted
  • 110224
    HouTex
    admin
    Posted by HouTex on April 4, 2011
    [reply] 1 0
    This is the second time the email database from Walgreens has been compromised. They finally sent a message about it today, acknowledging that Epsilon had notified them on 3/30/11. It included a weak apology and pledge to take our privacy seriously. Somehow, it wasn't very convincing.

    In contrast to that, the message I received from Citi contained useful information, and described a change they are making to assure us which messages are actually from Citi. They've added another item to the Email Security Zone that will appear on all of their future emails. In addition to cardmember name and the last 4 digits of the account number, it will also have "member since" information to help distinguish their messages from phishing attempts.

    (this sample is generic, and does not contain my information)
      110226
    • HouTex
      admin
      Posted by HouTex on April 4, 2011
      [reply] 2 0
      Good information about bank site security and email safety
      - https://creditcards.citi.com/site-security/
      Important steps that you can take to protect your security online:

      Don't provide your Online User ID or password in an e-mail.
      Don't reply to e-mails that require you to enter personal information directly into an e-mail or URL.
      Don't reply to or follow links in e-mails threatening to close your account if you do not take the immediate action of providing any personal information. We may send you an email regarding your account requesting you contact us via phone.
      It is not recommended to use your e-mail address as a login ID or password.
  • 110228
    shawndiaz
    beginner
    1
    Posted by shawndiaz on April 4, 2011
    [reply] 2 0
    I have only received one from HSN. Good thing I am not a member of any of the others (OK, maybe Best Buy too- I admit it..I am a techie geek)
  • 110249
    gabyperu
    professor
    9 5 2
    Posted by gabyperu on April 4, 2011
    [reply] 1 0
    I've just got this email from Target:
    Target’s email service provider, Epsilon, recently informed us that their data system was exposed to unauthorized entry. As a result, your email address may have been accessed by an unauthorized party. Epsilon took immediate action to close the vulnerability and notified law enforcement.
  • 110273
    clover
    professor
    1 6 7
    12 11 2
    Posted by clover on April 5, 2011 [reply] 0 0
    I got emails from Chase and Target. Just be on the lookout for bogus emails requesting your account information.
  • 110289
    shawndiaz
    beginner
    1
    Posted by shawndiaz on April 5, 2011
    [reply] 2 0
    I received another one from Walgreens last night. Seems to me that the notices are not as urgent as we think they should be if personal data has been compromised. Within 2 days I suppose is good enough.
  • 110433
    DebsFreebies
    professor
    2
    10 5 1
    Posted by DebsFreebies on April 5, 2011, merged on April 6, 2011 by YanBz
    [reply] 1 0
    The world's largest "permissions-based" e-mail marketing company, Epsilon, reported late last week that someone hacked into its computer system and stole an unknown number of e-mail addresses and names.
    The scope of this breach is potentially huge and has continued to grow over the weekend, with companies like TiVo, JPMorgan Chase and Capital One coming forward to say their customers have been affected. Epsilon reports sending 40 billion e-mails per year on behalf of its 2,500 clients. Reuters calls this potentially "one of the biggest such breaches in U.S. history."

    But the worst that may come of it is a sneakier and more sinister version of spam, security experts say.

    http://www.cnn.com/2011/TECH/w.....index.html

    Yes, we've seen the emails and the discussion posts but let this be a reminder for us all to maintain a vigilance over our information.
  • 110434
    sandyshore
    professor
    2 1
    12 8 1
    Posted by sandyshore on April 5, 2011, merged on April 6, 2011 by YanBz [reply] 0 0
    Personally, I'm not worried. Just annoyed that I may get spammed and have to close an email down. Of course, I've had relatives who would send forwards with my email addy and that caused the same problem in an old account.
  • 111900
    YanBz
    admin
    Posted by YanBz on April 18, 2011 [reply] 0 0
    Here is an interesting article that explains what can happen next with all these stolen email addresses

    It’s worth bearing in mind that these email lists, now in the hands of the criminal underground, could be abused at anytime. Users may be on their guard right now about receiving a bogus email from a particular brand – but it could also arrive in 12 months time when the story of this security breach is long forgotten by the typical man in the street.

    In fact, for this reason, it might make a lot of sense for the spammers to wait before abusing the information.


    http://thenextweb.com/industry.....is-stolen/
  • 112105
    HouTex
    admin
    Posted by HouTex on April 20, 2011
    [reply] 1 0
    The Children's Place has notified its customers about an unauthorized email sent to their mailing list, and serves as a reminder
    to be alert to suspicious emails, especially those that request personal information such as credit card numbers.

    The warning describes the nature of the message, which
    appears to have come from Adobe, directing customers to a website where they are asked to enter their credit card number in order to update software.

    http://ebm.cheetahmail.com/c/t.....E/doc.html

Leave a Comment (members Sign in to comment)

Name

E-Mail (will not be published)

2 x 3 = ?

Emoticons

'Mr Green''Neutral''Twisted''Arrow''Eek''Smile''Confused''Cool''Evil''Big Grin''Idea''Red Face'

(more)


 

Browse by tags