CONSUMER ALERT: Information Breach Basics
April 5, 2011
Contact: Brock Bergey, (608) 224-5007
Information Breach Basics (PDF)
MADISON – The Wisconsin Office of Privacy Protection is warning consumers to be cautious of suspicious e-mails following what could be the largest breach of information in U.S. history. BACKGROUND INFORMATION
Epsilon, a Texas-based e-mail marketing services company, says someone recently hacked into its database – resulting in the compromise of millions of consumer names and e-mail addresses. According to Epsilon’s website, no personally identifiable information is at risk because of this breach.
Epsilon provides services to a number of major credit card companies and businesses – including, but not limited to:
- Best Buy
- Capital One
- Home Depot (The)
- Home Shopping Network (HSN)
- JPMorgan Chase
- L.L. Bean
- Marriott International
- New York & Company (NY & Co.)
- Ritz-Carlton Rewards
- U.S. Bank
The affected companies are notifying their customers of the incident and encouraging them to be cautious about sharing personal information.
EDITOR’S NOTE: An example of a customer notification e-mail is included below.
“If you receive a solicitation-style e-mail from one of these companies – ignore it,” said Sandy Chalmers, Administrator of the Division of Trade and Consumer Protection, which includes the Office of Privacy Protection. “Legitimate companies will not attempt to gather personally identifiable information, like your credit card number, through e-mail.”
The Wisconsin Office of Privacy Protection offers additional consumer safeguards:
Never click on an e-mail link and provide personal information. This could result in the download of a computer virus or keylogger (a program that records your keystrokes).
Never give out your account numbers or Social Security number unless you initiate the contact. Legitimate credit card companies and banks already have this information.
Change any passwords you have with the affected companies. Always keep user IDs and passwords private.
Maintain a safe computer with the use of anti-virus protection and a secure firewall.
COMPANY E-MAIL NOTIFICATION EXAMPLE
“As a valued U.S. Bank customer, we want to make you aware of a situation that has occurred related to your email address.
We have been informed by Epsilon Interactive, a vendor based in Dallas, Texas, that files containing your email address were accessed by unauthorized entry into their computer system. Epsilon helps us send you emails about products and services that may be of interest to you.
We want to assure you that U.S. Bank has never provided Epsilon with financial information about you. For your security, however, we wanted to call this matter to your attention. We ask that you remain alert to any unusual or suspicious emails.
Please remember that U.S. Bank will never request information such as your personal ID, password, social security number, PIN or account number via email. For your safety, never share this or similar information in response to an email request at any time.”
“We are closely monitoring this breach of information,” concluded Chalmers. “Any new developments will be issued to the news media and posted on the Office of Privacy Protection’s website.”
For more information visit http://privacy.wi.gov or call the Office of Privacy Protection at 1-800-422-7128.