Epsilon, a Dallas-based marketing firm that handles email marketing and
database hosting for customers such as JPMorgan Chase Bank, U.S. Bancorp,
Capital One, Barclay’s Bank, Kroger, Best Buy Co., TiVo Inc., and
Walgreens, reported in the last week of March that a hacker gained access
to databases containing millions of customers’ names and possibly
their email addresses.
These large businesses have sent emails to customers informing them of
the incident and warning them that even though it is believed that no
other personal information was contained in the hacked databases, unscrupulous
persons still can use the information to send fraudulent emails to the
customers, requesting personal information, such as passwords, credit
card numbers, PIN numbers, and the like. Such emails may purport to come
from the customer’s bank or other companies with which the customer
does business. The emails may contain a link that takes the user to a
fraudulent webpage that requests personal information.
The businesses involved are warning customers to be especially careful
not to give out any such information, and say they will not ask customers
for personal information over the internet. If a customer receives a suspicious
email, he or she should independently find out the telephone number of
the company and call to verify that any email that purports to be from
the customer’s bank or other company is legitimate.
So far, none of the news accounts contain any information as to how or
by whom the databases were hacked. Retail businesses regularly tell customers
and potential customers that they can safely transact business over the
internet because the company has a “secure website,” as evidenced
by the inclusion of “https” in the web page address, rather
than the unsecured designation of “http.” This means that
a user’s name and password is encrypted (coded) before being sent
to the business’s server. In addition, a “lock” icon
will appear somewhere in the window of the browser.
It is our impression that it does little good to encrypt personal information
while at the same time millions of customers’ names and associated
emails are vulnerable to theft from a server or servers that can be hacked.
The incident is being investigated as we write this blog. We hope that
the investigation will at least determine exactly how this sensitive information
was able to be stolen from what should have been highly secure databases.
Read More:
-”Colorado Consumers Beware,” Colorado Business Litigation Lawyer Blog, posted 02/01/11
-”E-Verify System for Denver Businesses,” Colorado Business Litigation Lawyer Blog, posted 11/17/09