As a Best Buy Rewards Zone member, I regularly get email alerts and notifications regarding my account, offers and other stuff. Earlier today, I received a security alert email warning about a recent breach (unauthorized access) on Best Buy customer email addresses. As soon as I read it, I tried to know more about the incident and when I checked online, I found out that there were several other retailers and banks aside from Best Buy that were hit by this email breach.
Over the weekend, Epsilon, the online marketing company who handles the email marketing of Best Buy and companies like TiVo, JPMorgan Chase, Walgreens, Capital One, Marriott, Home Shopping Network, etc. was hit by hackers who accessed customer names and email addresses.
Here’s the email I received from Best Buy:
Dear Valued Best Buy Customer,
On March 31, we were informed by Epsilon, a company we use to send emails to our customers, that files containing the email addresses of some Best Buy customers were accessed without authorization.
We have been assured by Epsilon that the only information that may have been obtained was your email address and that the accessed files did not include any other information. A rigorous assessment by Epsilon determined that no other information is at risk. We are actively investigating to confirm this.
For your security, however, we wanted to call this matter to your attention. We ask that you remain alert to any unusual or suspicious emails. As our experts at Geek Squad would tell you, be very cautious when opening links or attachments from unknown senders.
In keeping with best industry security practices, Best Buy will never ask you to provide or confirm any information, including credit card numbers, unless you are on our secure e-commerce site, www.bestbuy.com. If you receive an email asking for personal information, delete it. It did not come from Best Buy.
Our service provider has reported this incident to the appropriate authorities.
We regret this has taken place and for any inconvenience this may have caused you. We take your privacy very seriously, and we will continue to work diligently to protect your personal information. For more information on keeping your data safe, please visit:
Executive Vice President & Chief Marketing Officer
and here’s the official announcement from the Epsilon website:
On March 30th, an incident was detected where a subset of Epsilon clients’ customer data were exposed by an unauthorized entry into Epsilon’s email system. The information that was obtained was limited to email addresses and/or customer names only. A rigorous assessment determined that no other personal identifiable information associated with those names was at risk. A full investigation is currently underway.
Complete list of companies affected by the email breach at Epsilon:
- Ameriprise Financial
- Best Buy
- Capital One
- Disney Destinations
- Home Shopping Network
- JPMorgan Chase
- LL Bean Visa Card
- Marriott Rewards
- McKinsey & Company
- New York & Company
- Ritz-Carlton Rewards
- The College Board
- US Bank
Epsilon and the companies involved in this incident all say that the only information accessed by the hackers were customer names and/or their email addresses and I hope it’s true. Anyways, If you’re a Best Buy Rewards Zone member or any of the companies listed above, make sure to monitor your email account and keep an eye on emails you receive. Never give out personal information like your home address, social security number, credit card number, etc. and never download email attachments or open links from unknown senders. Better safe than sorry!
Anyone else receive the same email from Best Buy or from any of the companies listed above?