Was Your Personal Information Put at Risk by the Epsilon Hack?

What happens to your personal information when a company such as Epsilon, a nationally known email marketing company, is hacked? While many of the companies affected by the Epsilon database security breach took quick action to inform customers of the risk, many affected consumers may still be out of the loop. Even if you have not received notification of the data loss, you may be a victim and it’s important to protect yourself from identity fraud.

I had never heard of Epsilon before early April. Early in the month, I was contacted by financial giant Citifinancial and told my husband’s name and email address may have been compromised in a hacker attack on a database housed by Citi Group marketing agent Epsilon. We were guaranteed in the email that only my husband’s name, as the account holder, and his contact email address were made available to Epsilon by Citi Group-and both were potentially breached in the hacker attack.

Over the next five days-and even as this article was being written — I continued to receive email notifications from businesses using Epsilon. Chase, Target and 1800Flowers were three of the latest to notify me of potential risk.

Unfortunately, it seems that Epsilon may serve other clients not so willing to name names in the hacked database incident. I received similar “unauthorized attack” emails during the same time period from grocery store accounts and other financial institutions notifying me of an account breach affecting an unnamed “marketing partner.” Epsilon related? Nationally known Epsilon may be the account offender simply by timing.

How does a breach of name and email affect my personal security?

It leaves my email account wide open to phishing, spam and a multitude of email scams. As a consumer who takes a great deal of care in avoiding the distribution of my primary email account to “outsiders,” this could pose quite an inconvenience.

What should you do to avoid additional risk from an attack such as the one of the Epsilon database?

Do not provide any immediate response to any email request without first verifying the legitimacy with the requesting company. Do not respond directly to a telephone or contact email on the potentially phony requester’s email as those are likely to be fake as well. If a financial institution needs information from you, they typically send a postal mail notification or contact you directly outside of an impersonal email notification.

What is most disturbing about the Epsilon hacking attack?

As a consumer, I am diligent about refusing that my personal information be supplied to third party companies or groups. Epsilon is a major marketing agent for several large companies and is not considered a third party entity. I wonder how many other marketing companies have my personal information-and to what extent? While I understand that no company is immune to hacking, it does concern me that many of the businesses affected by their relationship with Epsilon have been so late in informing consumers of the potential risk.

What should consumers consider about the risk associated with the Epsilon hacking attack?

Whether notified of a security breach or not, Internet users must be vigilant in anti-identity theft efforts. Even when receiving an email communication from a known company, users should take a few moments to verify the details and the source through safe contact routes before providing any personal information. Identity theft happens daily and leads to devastating losses. While you may blame the irresponsibility of large companies and petty hackers, the ultimate responsibility to protect your future lies in your own hands.