CNET también está disponible en español.

Ir a español

Don't show this again


Major security breach exposes customer info (video)

CNET's Kara Tsuboi reports on the database hack at Epsilon, which handles e-mail marketing for thousands of companies, and what customers can do to protect themselves.

Now playing: Watch this: Breach exposes clients' customer names, e-mail

More and more customers are receiving e-mails warning them of Friday's database hack at Epsilon, which handles e-mail marketing for thousands of companies. The breach exposed personal information like names and e-mail addresses.

Dallas-based Epsilon works with more than 2,500 clients and sends more than 40 billion e-mails annually, so the magnitude of the breach may not be seen until the investigation is complete. So far, the following companies have confirmed a security breach: Kroger,TiVo, US Bank, JPMorgan Chase, Capital One, Citi, Home Shopping Network, Ameriprise Financial, LL Bean Visa Card, McKinsey & Company, Ritz-Carlton Rewards, Marriott Rewards, New York & Company, Brookstone, Walgreens. The College Board, Disney Destinations, and Best Buy.

In a statement on its Web site, Epsilon says, "The information that was obtained was limited to e-mail addresses and/or customer names only...A full investigation is currently underway."

Epsilon says the hackers did not get their hands on financial information, but CNET reporter Declan McCullagh warns that names and e-mail addresses combined together can be used for potent phishing schemes. For example, a hacker can custom-tailor an e-mail that asks people to log in to a financial Web site. If users see their name and e-mail displayed in one place, they're more likely to follow instructions and reveal that personal information. McCullagh cautions not to open e-mail from unknown senders, and certainly not to click on suspicious links. If you need to log in to a company's Web site, it's safest to type in their address into your browser window.