Epsilon hack: Notification letters

Many companies and customers have been affected by the Epsilon security breach. Here are some of the notification letters people have received.

Let's start with Epsilon's notification:

Epsilon notifies clients of unauthorized entry into email system

IRVING, TEXAS – April 1, 2011 - On March 30th, an incident was detected where a subset of Epsilon clients' customer data were exposed by an unauthorized entry into Epsilon's email system. The information that was obtained was limited to email addresses and/or customer names only. A rigorous assessment determined that no other personal identifiable information associated with those names was at risk. A full investigation is currently underway.

Sign up today.

Get your morning news fix with the daily Salted Hash e-newsletter!

Important information from McKinsey Quarterly

We have been informed by our email service provider, Epsilon, that your email address was exposed by unauthorized entry into their system. Epsilon sends e-mails on our behalf to McKinsey Quarterly users who have opted to receive email communications from us.

We have been assured by Epsilon that the only information that was obtained was your first name, last name and email address and that the files that were accessed did not include any other information. We are actively working to confirm this. We do not store any credit card numbers, social security numbers, or other personally identifiable information of our users, so we can assure you that no such information was accessed.

Please note, it is possible you may receive spam email messages as a result. We want to urge you to be cautious when opening links or attachments from unknown third parties. Also know that McKinsey Quarterly will not send you emails asking for your credit card number, social security number or other personally identifiable information. So if you are ever asked for this information, you can be confident it is not from McKinsey.

We regret this has taken place and apologize for any inconvenience this may have caused you. We take your privacy very seriously, and we will continue to work diligently to protect your personal information.

If you have any questions or concerns, please contact McKinsey Quarterly at info@mckinseyquarterly.com. For any media inquiries, please contact Humphrey Rolleston at +1-212-415-5321.

Sincerely,

Rik Kirkland

Senior Managing Editor

McKinsey & Company

An important announcement for Brookstone email customers

Dear Valued Brookstone Customer,

On March 31, we were informed by our email service provider that your email address may have been exposed by unauthorized entry into their system. Our email service provider deploys e-mails on our behalf to customers in our email database.

We want to assure you that the only information that may have been obtained was your first name and email address. Your account and any other personally identifiable information are not stored in this system and were not at risk.

Please note, it is possible you may receive spam email messages as a result. We want to urge you to be cautious when opening links or attachments from unknown third parties.

In keeping with best industry security practices, Brookstone will never ask you to provide or confirm any information, including credit card numbers, unless you are on our secure e-commerce site, Brookstone.com.

Our service provider has reported this incident to the appropriate authorities.

We regret this has taken place and for any inconvenience this may have caused you. We take your privacy very seriously, and we will continue to work diligently to protect your personal information.

Sincerely,

Brookstone Customer Care

Kroger.com FAQ on what happened

--What happened?

We were notified and became aware of unauthorized access to our email list by someone outside our company. We want to assure you that the only information that was obtained were names and email addresses. Unfortunately, this sort of data theft is becoming more common across many industries, and we take it extremely seriously.

--How will this affect you?

In many cases, it won't. Only names and email addresses were taken, and all other customer information is secure. You may receive some unsolicited emails (spam) as a result of this incident. Kroger wants to remind you not to open emails from senders you do not know.

Also, Kroger would never ask you to email personal information, such as credit card numbers or social security numbers. If you receive such a request, it did not come from Kroger and should be deleted.

Why did you receive notification on this incident?

The reason we are going directly to you with this news is because we think it's the right thing to do for you, a valued Kroger Customer. As a company, we believe that all customer relationships must be built on trust. That is why we believe it is important to inform you of this incident.

--What we are doing for the future security?

Let us reassure you that we are taking necessary steps to safeguard your personal information. You may be aware of attacks on email marketing systems, therefore we want to assure you that we take the safeguarding of your information seriously and that the appropriate authorities have been contacted regarding this incident.

Additionally, we have taken steps to minimize this type of exposure in the future. We will continue to take all appropriate measures to keep your personal information secure at Kroger.

--Does this affect my 1-2-3 Rewards Mastercard account?

1-2-3 Rewards Mastercard account information is completely secure and was unaffected by the breach. Only names and email address information were taken.

--Is my personal or financial information at risk?

No, only names and email address were taken. All other customer information is secure. See "How will this affect you?" for further details.

--Can I be taken off your email list?

To remove your email address from our email list, please sign into your online account, select Email Subscriptions and remove any marked selections.

--Do I need to do anything?

The appropriate authorities have been engaged and we have taken measures to minimize this type of exposure in the future. No further action is required on your part.

Expect to see a lot more of these letters, because Epsilon has a lot of big-name customers, including JP Morgan Chase, Visa, Kraft, Citibank and Marriott International.

--Bill Brenner

Join the discussion
Be the first to comment on this article. Our Commenting Policies