Originally Published: April 16, 2011 9:59 p.m.
A data breach at an online email marketing firm in late March is a blow to consumer privacy and could put many at risk.
Alliance Data Systems Corp., parent company of Epsilon, sent out a news release this past week that a computer hacker got into their system and got names or email addresses of approximately 2 percent of its total client base.
Bryan J. Kennedy, president of the company, apologized for the "inconvenience" to consumers and for potential unsolicited emails that consumers might get because of it.
"We are taking immediate action to develop corrective measures intended to restore client confidence in our business and in turn regain their confidence," he said.
It's a big deal as consumers realize that dozens of retailers rely on Epsilon to handle their marketing campaigns.
Companies including Target, Walgreens, Citigroup, Kroger, Best Buy, HSN and The College Board, which oversee the SAT admissions tests, sent notices about the breach to customers.
A recent Wall Street Journal story explained that companies are finding that it isn't cost-effective to manage these marketing campaigns, and the technology to go through customer information to create targeted promotions is changing too fast for businesses to do it on their own.
These companies are using the Texas-based data management company, which sends out more than 40 billion emails annually and has more than 2,500 customers, according to the story.
The stolen information does not include social security or credit card data, but it's enough to put consumers in a potentially ugly situation.
Paul Eng, senior web editor for Consumer Reports, recently gave a short list of tips to help consumers protect themselves. Eng's tips include refraining from clicking on any links embedded in emails, keeping anti-virus software current, safeguarding personal information, and considering changing email addresses.
In a phone interview this week, Eng said the cause for concern is that the hacker can figure out who consumers do business with and craft emails that appear to come from those businesses seeking more personal information, like credit card account numbers.
"Hackers now know that this is a valid email address," he said. "Consumers really need to understand that there is no such thing as non-sensitive data," he added.
The Better Business Bureau sent out a press release after seeing one of the first Epsilon data breach phishing scams.
Phishing is a popular emailing scam to get consumers to give password, login or credit card information.
The bureau is seeing emails sent from scammers purporting to be Chase Bank, warning consumers that the bank will deactivate an account if the customer doesn't update his or her profile immediately.
Mary Hawkes, director of the bureau's Prescott office, said they have not received any complaints related to this breach yet, but she urges consumers to watch for emails seeking personal or financial information and to refrain from responding and call the company directly.
"Generally speaking, a legitimate company is not going to email you and ask for personal financial or account information," she said. "That just shouldn't happen and that's the first red flag right there."
For more information, visit www.arizonabbb.org.