Epsilon, a Dallas-based marketing firm that handles email marketing and
database hosting for customers such as JPMorgan Chase Bank, U.S. Bancorp,
Capital One, Barclay’s Bank, Kroger, Best Buy Co., TiVo Inc., and
Walgreens, reported in the last week of March that a hacker gained access
to databases containing millions of customers’ names and possibly
their email addresses.
These large businesses have sent emails to customers informing them of the incident and warning them that even though it is believed that no other personal information was contained in the hacked databases, unscrupulous persons still can use the information to send fraudulent emails to the customers, requesting personal information, such as passwords, credit card numbers, PIN numbers, and the like. Such emails may purport to come from the customer’s bank or other companies with which the customer does business. The emails may contain a link that takes the user to a fraudulent webpage that requests personal information.
The businesses involved are warning customers to be especially careful not to give out any such information, and say they will not ask customers for personal information over the internet. If a customer receives a suspicious email, he or she should independently find out the telephone number of the company and call to verify that any email that purports to be from the customer’s bank or other company is legitimate.
So far, none of the news accounts contains any information as to how or by whom the databases were hacked. Retail businesses regularly tell customers and potential customers that they can safely transact business over the internet because the company has a “secure website,” as evidenced by the inclusion of “https” in the web page address, rather than the unsecured designation of “http.” This means that a user’s name and password are encrypted (coded) before being sent to the business’s server. In addition, a “lock” icon will appear somewhere in the window of the browser.
It is our impression that it does little good to encrypt personal information
while at the same time millions of customers’ names and associated
emails are vulnerable to theft from a server or servers that can be hacked.
The incident is being investigated as we write this blog. We hope that
the investigation will at least determine exactly how this sensitive information
could be stolen from what should have been highly secure databases.