BBB Consumer Alert: Widespread Consumer Information Breach at Major Corporations May Spawn Increase in Targeted Phishing Attempts
Memphis, TN, April 5, 2010 – A number of financial and commercial institutions are informing customers that they have suffered a breach of customers’ privacy in what is believed to be one of the most widespread cases in history, according to Reuters News Agency.
Among those affected are clients of Citigroup and other large U.S. companies, including Walgreens, TiVo, Capital One, Hilton Hotel Group, Target, teleshopping company HSN, several of the nation's largest banks, as well as millions of college-bound students who accessed College Board, which administers SAT admissions exams.
The breach reportedly occurred when someone outside the company hacked into system files at Epsilon, which sends more than 40 billion e-mail ads and offers annually, usually to people who register for a company's website or who give their e-mail addresses while shopping. It also handles emails for financial institutions.
The good news is that no personal financial information appears to have been compromised. The bad news is that phishing emails delivered to your inbox may be on the rise. BBB employees have already received notifications from various companies, alerting them to this breach and warning of the potential increase in phishing attempts.
Sample notification from one of the affected companies
“With such a large number of consumers affected in this data breach and the fact that financial information doesn’t appear to have been exposed, a significant increase in phishing emails may be seen,” said Randy Hutchinson, BBB president. “Be extra cautious of emails you receive from any company or bank – even one you regularly do business with - that asks for information or contains links. If you’re not sure of its legitimacy, contact the company directly.”
Better Business Bureau Tips to Avoid Phishing Scams:
- Don't respond to e-mails requiring you to enter personal information in the e-mail or links.
- Don't respond to e-mails that threaten to close your account if you do not provide personal information immediately.
- Don't reply to e-mails asking you to send personal information.
- Don't use your e-mail address as a banking login ID or password. If you currently use your email address as your login ID, this would be a good time to change it to something more secure.
- Update all areas of your computer’s security. This will help prevent fraudulent emails from landing in your inbox in the first place and help prevent hackers from infiltrating your system.
- If you become a victim of a phishing scam, file a complaint with the Internet Crime Complaint Center at www.ic3.gov or 800-251-3221.
- If you receive an email informing you that your information was compromised by the breach, contact the sender for more information.