CHARLOTTE — Today, many large corporations including Best Buy, Chase Bank, BJs and more began notifying their customers of a security breach at Epsilon, a company that many corporations use to send emails to its customers.
“The exposure to customers seems to be limited to email addresses and does not include credit card or other financial information,” said BBB President Tom Bartholomy. “However, customers could be at risk of identity theft and should be careful about opening emails and clicking on links .”
If you are a customer of Best Buy, or any of the major businesses involved, you could receive emails from “spoofed” websites that look like the real websites, spam emails, phishing emails or emails with attachments that contain viruses, spyware or malware.
The goal of these types of cyber scams is usually identity theft or obtaining financial information.
The BBB has this advice:
• Never click on links or open attachments in suspicious emails.
• Never provide personal information to anyone who contacts you via email or who instructs you to click on a link to “change your password for security reasons.”
• Make sure your personal computer has up-to-date anti-virus software and run it regularly.
For more information about protecting your identity, please visit www.bbb.org.
Here is a sampling of the real emails customers, including employees of the Better Business Bureau, have received warning them of the breach:
“Dear Valued Best Buy Customer,
“On March 31, we were informed by Epsilon, a company we use to send emails to our customers, that files containing the email addresses of some Best Buy customers were accessed without authorization.
“We have been assured by Epsilon that the only information that may have been obtained was your email address and that the accessed files did not include any other information. A rigorous assessment by Epsilon determined that no other information is at risk. We are actively investigating to confirm this.
“For your security, however, we wanted to call this matter to your attention. We ask that you remain alert to any unusual or suspicious emails. As our experts at Geek Squad would tell you, be very cautious when opening links or attachments from unknown senders.
“In keeping with best industry security practices, Best Buy will never ask you to provide or confirm any information, including credit card numbers, unless you are on our secure e-commerce site, www.bestbuy.com. If you receive an email asking for personal information, delete it. It did not come from Best Buy.
“Our service provider has reported this incident to the appropriate authorities.
“We regret this has taken place and for any inconvenience this may have caused you. We take your privacy very seriously, and we will continue to work diligently to protect your personal information. For more information on keeping your data safe, please visit:
http://www.geeksquad.com/do-it-yourself/tech-tip/six-steps-to-keeping-your-data-safe.aspx.
“Sincerely,
“Barry Judge
“Executive Vice President & Chief Marketing Officer
“Best Buy”
CHASE BANK
“Chase is letting our customers know that we have been informed by Epsilon, a vendor we use to send e-mails, that an unauthorized person outside Epsilon accessed files that included e-mail addresses of some Chase customers. We have a team at Epsilon investigating and we are confident that the information that was retrieved included some Chase customer e-mail addresses, but did not include any customer account or financial information. Based on everything we know, your accounts and confidential information remain secure. As always, we are advising our customers of everything we know as we know it, and will keep you informed on what impact, if any, this will have on you.
“We apologize if this causes you any inconvenience. We want to remind you that Chase will never ask for your personal information or login credentials in an e-mail. As always, be cautious if you receive e-mails asking for your personal information and be on the lookout for unwanted spam. It is not Chase’s practice to request personal information by e-mail.
“As a reminder, we recommend that you:
“Don’t give your Chase OnlineSM User ID or password in e-mail.
“Don’t respond to e-mails that require you to enter personal information directly into the e-mail.
“Don’t respond to e-mails threatening to close your account if you do not take the immediate action of providing personal information.
“Don’t reply to e-mails asking you to send personal information.
“Don’t use your e-mail address as a login ID or password.
“The security of your information is a critical priority to us and we strive to handle it carefully at all times. Please visit our Security Center at chase.com and click on “Fraud Information” under the “How to Report Fraud.” It provides additional information on exercising caution when reading e-mails that appear to be sent by us.
“Sincerely,
“Patricia O. Baker
“Senior Vice President
“Chase Executive Office”
The warnings from the affected companies began coming out about an hour ago, the BBB reports.