Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hackers Steal Kroger's customers' names & email addresses


  • Please log in to reply
3 replies to this topic

#1 Union_Thug

Union_Thug

    Bleeps with the fishes...


  • Members
  • 2,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:is everything
  • Local time:03:18 PM

Posted 02 April 2011 - 04:36 PM

http://www.securityweek.com/kroger-notifies-customers-data-breach-stemming-third-party-email-vendor

Grocery giant, The Kroger Co., notified customers today that the database storing its customers' names and email addresses had been breached. The company said incident occurred at Epsilon, the third-party vendor Kroger uses to manage its customer email database and communications.

snip

Kroger urged customers not to open email from senders they do not know and reminded customers that Kroger will never ask for personal information such as credit card numbers or social security numbers in an email.


Looks like Epsilon is having a really bad week...

http://www.multichannel.com/article/466168-TiVo_E_Mail_Database_Hacked.php

TiVo E-Mail Database Hacked

Marketing Firm Epsilon Notified DVR Company of Breach
By Todd Spangler -- Multichannel News, 4/2/2011 4:31:09 PM

An "unauthorized person" gained access to e-mail addresses and the first names of TiVo customers after a security breach at a third-party marketing vendor, the DVR company said Saturday.

TiVo said it was informed by Epsilon, an e-mail marketing vendor, that files for some TiVo customers were accessed by an unauthorized individual. "We were advised by Epsilon that the information that was obtained was limited to first name and/or e-mail addresses only," TiVo said.

snip

Other companies including JP Morgan Chase and Kroger were also affected by the breach, which Epsilon said occurred March 30. Irving, Texas-based Epsilon said it is conducting a "full investigation" into the incident.



BC AdBot (Login to Remove)

 


#2 Union_Thug

Union_Thug

    Bleeps with the fishes...

  • Topic Starter

  • Members
  • 2,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:is everything
  • Local time:03:18 PM

Posted 03 April 2011 - 07:22 AM

UPDATE: Massive Breach at Epsilon Compromises Customer Lists of Major Brands
http://www.securityweek.com/massive-breach-epsilon-compromises-customer-lists-major-brands

SecurityWeek has been able to confirm that the customer names and email addresses, and in a few cases other pieces of information, were compromised at several major brands including the following:

TiVo
Marriott Rewards
Ritz-Carlton Rewards
US Bank
JPMorgan Chase
Capital One
Citi
McKinsey & Company
New York & Company
Kroger
Walgreens (Again!)

#3 StauntonComputer

StauntonComputer

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Staunton Virginia
  • Local time:02:18 PM

Posted 04 April 2011 - 11:29 AM

I must get one letter a month stating my info was compromised. Most of the companies give 1 year of credit monitoring to affected customers, but this
is only a reactive solution.

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,220 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:18 PM

Posted 04 April 2011 - 08:08 PM

Remember your Bank will not ask you for your info in an email. That is not to enter it there and reply. They may asj you to contact them.
In all cases, contact them (if by internet) by going to their site and then communicate. eg enter Chase.com in yout browser.
Do NoT click on a reply or conact us link in the email.
This is the safest internet proceedure.

Here is an actual copy of a legitimate email from Chase bank about this.

Note: This is a service message with information related to your e-mail address.






Chase is letting our customers know that we have been informed by Epsilon, a vendor we use to send e-mails, that an unauthorized person outside Epsilon accessed files that included e-mail addresses of some Chase customers. We have a team at Epsilon investigating and we are confident that the information that was retrieved included some Chase customer e-mail addresses, but did not include any customer account or financial information. Based on everything we know, your accounts and confidential information remain secure. As always, we are advising our customers of everything we know as we know it, and will keep you informed on what impact, if any, this will have on you.

We apologize if this causes you any inconvenience. We want to remind you that Chase will never ask for your personal information or login credentials in an e-mail. As always, be cautious if you receive e-mails asking for your personal information and be on the lookout for unwanted spam. It is not Chase's practice to request personal information by e-mail.

As a reminder, we recommend that you:

Don't give your Chase OnlineSM User ID or password in e-mail.
Don't respond to e-mails that require you to enter personal information directly into the e-mail.
Don't respond to e-mails threatening to close your account if you do not take the immediate action of providing personal information.
Don't reply to e-mails asking you to send personal information.
Don't use your e-mail address as a login ID or password.
The security of your information is a critical priority to us and we strive to handle it carefully at all times. Please visit our Security Center at chase.com and click on "Fraud Information" under the "How to Report Fraud." It provides additional information on exercising caution when reading e-mails that appear to be sent by us.

Sincerely,

Patricia O. Baker

Senior Vice President

Chase Executive Office





If you want to contact Chase, please do not reply to this message, but instead go to Chase Online. For faster service, please enroll or log in to your account. Replies to this message will not be read or responded to.

Your personal information is protected by advanced technology. For more detailed security information, view our Online Privacy Notice. To request in writing: Chase Privacy Operations, P.O. Box 659752, San Antonio, TX 78265-9752.
JPMorgan Chase Bank, N.A. Member FDIC
© 2011 JPMorgan Chase & Co.


This e-mail was sent to: your name@yourmailserver.com <<-- I edited that line


Edited by boopme, 04 April 2011 - 08:14 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users