In response to the growing list of companies impacted by a security breach at Epsilon Data Management, Attorney General Peter F. Kilmartin is urging Rhode Island consumers to screen e-mails carefully and not to respond to requests for personal or account information, including login names or passwords.
On March 30, 2011, Epsilon began to notify its corporate clients of a security breach in which potentially 40 million customers may have had personal identifying information compromised by a security breach. It is believed that the breach is limited to names and emails only, however information regarding the breach continues to develop.
Epsilon sends more than 40 million emails annually to customers of their more than 2,500 corporate clients. Among those clients reportedly affected by the breach are Ameriprise Financial; Best Buy; Brookstone; Capital One; Citi; Disney Destinations; Home Shopping Network; JP Morgan Chase; Kroger; LL Bean Visa Card; Marriott Rewards; McKinsey & Company; New York & Company; Robert Half Technologies; The College Board (which manages SAT and other college prep services); TiVo; US Bank and Walgreens.
It is believed additional companies’ information has been breached, yet a complete list has not been released by Epsilon.
“While at this point there is no indication that financial information was compromised, this is the time when consumers need to be most vigilant and not inadvertently give savvy criminals access to the bank and credit card information,” said Attorney General Peter Kilmartin.
Attorney General Kilmartin reminds consumers to be cautious of emails that look to be a legitimate e-mail from one of those companies, but it has been sent by a scammer asking for account numbers or other information that could be used for fraud.
Consumers should follow these tips to prevent phishing schemes:
Do not follow a link to a secure site from an email; always enter the URL manually.
Do not enter your bank account number, social security number, credit card number or any other personal information in a web page that you were linked to through an email or text message.
A legitimate financial institution or entity will not ask you to provide personal identifying information in an email or ask you to verify personal identifying information in an email.
If you are worried about your account, do not respond to the email, text, or automated call. Instead, call your financial institution or entity directly from the phone number you have from your personal records, bank statement, phone book or Internet search.
Use a phishing filter.
Use anti-virus and anti-spyware software; use a firewall and update them regularly.
Review credit card and bank account statements as soon as you receive them.
If you suspect that your password on a website has been compromised, call the company immediately to change your password.
If you believe you are a victim of consumer fraud, please contact the Consumer Protection Unit at the Department of Rhode Island Attorney General at (401) 274-4400. You can download a consumer complaint form by visiting our website at www.riag.ri.gov. You can also email us at email@example.com.