Hotels, banks and other firms have moved to reassure their
customers following a breach of security databases.
Hackers gained access to a subset of data on Epsilon, a
marketing company that manages email databases for 2,500 companies.
Among the firms acknowledging that they were affected were
TripAdvisor.com, Air Miles Rewards, Best Buy, Citigroup and Ritz-Carlton.
In some cases, companies
moved quickly to inform their customers of the event, releasing statements and
sending email updates to their databases.
“We want to assure you that
the only information obtained was your name and email address. Your account and
any other personally identifiable information are not at risk.
“In all likelihood, this will not impact you. However, we
recommend that you continue to be on the alert for spam emails requesting
personal or sensitive information. Please understand and be assured that The
Ritz-Carlton does not send emails requesting customers to verify personal
information,” read the email from the hotel giant.
Similarly, Air Miles Rewards, Canada, said that it was possible
that customers may receive spam emails.
“We want you to be cautious when opening links or
attachments from unknown third parties. We want to remind you that Air Miles
will never ask for your personal information or login credentials in an email.
“As always, be cautious if you receive emails asking for
your personal information and be on the lookout for unwanted spam. It is not
our practice to request personal information by email.”
The company advised that people should not give out Air
Miles numbers, PIN or any personal information in an email. Indeed, people
should not respond to such requests or threats that accounts would be closed.
Customers should also not click on any links in suspicious emails.
Epsilon had said that the information that was obtained was
limited to email addresses and/or customer names.
“A rigorous assessment determined that no other personal
identifiable information associated with those names was at risk. A full
investigation is currently underway,” the company said in a short statement.
Alliance Data Systems Corp., which is Epsilon’s parent
company, warned customers to be vigilant to phishing scams, in which people are
lured to reveal information that could lead to identity theft and fraud.
Epsilon sends more than 40 billion emails a year on behalf
of more than 2,500 companies, for things like loyalty rewards programs.
In a statement Wednesday, it reiterated that Social Security
and credit card numbers weren’t compromised. Epsilon president Bryan Kennedy
apologised for the inconvenience and the “phishing” emails that victims are
The company said that only 2 per cent of its client base was
affected and that its email volumes aren’t expected to be significantly impacted.
Epsilon said the incident should have “minimal if any impact” on Alliance
Data’s financial performance.
Epsilon is a big moneymaker for Alliance Data, which is
based in Plano, Texas. Epsilon turned $65 million in
operating profit last year, and its $613 million in revenue was 22 per cent of
Alliance Data’s total.
The Associated Press contributed to this story.