photoConsumers need to be on the alert following last weekend's data breach at one of the nation’s largest email marketing companies, Epsilon Interactive.  As a result of the data breach, potentially millions of names and email addresses are in the hands of online hackers. (Read more consumer complaints about privacy).

The very hackers who stole the data will likely send phishing emails asking for your personal information.  Phishing emails often appear to be from legitimate companies, but are in fact crafted to solicit your personal banking information and social security number.

Affected companies have been notifying consumers that their information may be compromised and consumer protection officials around the country are urging consumers to take the warnings seriously – not only now but for many months to come.

Soothing language

Many of the warnings being sent by companies are written in language seemingly intended to lull consumers into a false sense of security. Capital One, for example, said: “Capital One has been informed that the compromised files did not include any personally identifiable or customer financial information,” the credit card company said in a statement Sunday. “Capital One is actively investigating the incident and Epsilon is conducting its own comprehensive investigation in cooperation with the appropriate authorities.”

In an email to its customers, Ameriprise Financial said: "Epsilon sends marketing and service emails on our behalf but does not have access to sensitive client data such as social security numbers. They have assured us that only names and email addresses were obtained. We take your privacy very seriously and want you to be aware of this."

Assuming it is true that only names and email addresses were stolen, that is still a very valuable starting point for criminals, online security experts noted. Just the ability to match full names and email addresses gives scam artists a headstart on chipping away at the rest of an individual's private information.

Once the information has been compromised, it is likely to be widely distributed in the black market and used by numerous scam artists for many years to come.

Companies that use Epsilon for email marketing include:

  • US Bank


  • Lacoste

  • Best Buy


  • Target

  • JP Morgan Chase


  • Tivo

  • Barclays Bank


  • Walgreens

  • Citibank


  • Visa

  • Hilton Worldwide


  • Capital One

  • Kroger Groceries


  • American Express

Consumer warnings

A typical warning came from Oregon Attorney General John Kroger, who reminded his constitutents that legitimate companies will never ask you for a bank account or social security number or username and password in an email. Common examples of phishing emails including fake “package delivery confirmation” and “bank account” emails.  Attorney General Kroger offers the following tips to stay safe from online hackers.

  • Never respond to an email soliciting personal information.  If you suspect it might be legitimate, pick-up the phone and call the company directly.

  • Do not click on any links embedded in phishing emails.  They may contain viruses or malware designed to steal your personal information.

  • Make sure your computer has up to date anti-virus software.