Email Leak Hits Major Banks, Retailers


NEW YORK (MainStreet) — Countless consumers may have had their email addresses exposed after some of the country’s largest banks and retailers had their email systems hacked Thursday.

Epsilon, a service that manages email for dozens of major companies, first announced the data breach on Friday, noting only that a “subset” of their clients’ data was exposed following “an unauthorized entry” into their servers. The company’s clients include major financial institutions like JPMorgan Chase (Stock Quote: JPM), Citigroup (Stock Quote: C) and U.S. Bancorp, as well as retailers like Walgreens (Stock Quote: WAG) and Best Buy (Stock Quote: BBY).

The companies have yet to determine just how many consumers are affected by the leak, but according to Epsilon, the only information that may have been leaked is email accounts and the associated customer’s name. More sensitive data like credit card numbers, home addresses and Social Security numbers were not vulnerable to this particular cyber attack.

Still, the hack prompted companies to email their millions of customers, urging them to be mindful going forward.

“We are confident that the information that was retrieved included some Chase customer email addresses, but did not include any customer account or financial information,” Chase wrote in an email to customers. “As always, we are advising our customers of everything we know as we know it, and will keep you informed on what impact, if any, this will have on you.”

Likewise, Walgreens issued a statement assuring its customers that law enforcement officials were looking into the hacking incident, but reminding consumers to be vigilant against “email scams involving requests for sensitive information.”

Indeed, the biggest risk consumers may face in the coming days and weeks is to be subjected to phishing attacks from whomever has access to their account information. Phishing scams are when cyber con artists pose as a reputable business and send emails requesting the recipient to supply key personal information or else to click on a link that may lead to malware. This particular incident may be especially risky to consumers as the scammers could potentially claim to be one of the financial institutions or big businesses whose email systems were breached.

As a general rule, consumers who are prompted to supply sensitive personal information like credit card numbers and Social Security IDs should never do so directly in the body of an email. Instead, they should visit the company’s website and enter their information that way. Moreover, if the email directs you to click on a link that you’re not familiar with, you may want to double check the address by typing it manually into Google to see what comes up.

For more tips on how to protect yourself against these scams, check out MainStreet’s guide for what to do when your email has been compromised.

—For a comprehensive credit report, visit the Credit Center.

Show Comments

Back to Top