I just had to write this up for work (because, hey, English Major), so I thought I'd throw it up here, too.
Some of you may have seen this in the news, or received warnings from companies if you happen to be on their mailing lists. If you're coming in late, here's what you need to know.
1. There's a company called Epsilon (a subsidiary of Alliance Data Systems Corp.)
2. Epsilon handles e-mail mailing lists for a lot of other companies.
3. Late last week, someone hacked into Epsilon's database and obtained an unknown (but presumably very large) number of names and their associated e-mail addresses.
What does this mean to you?
1. Apparently names and e-mail addresses were the only data taken. As a result, this is a fairly minor threat. That is simply not enough information to use for identity theft, credit card fraud, etc.
2. BUT, it does mean that anyone who gets ahold of the stolen information can create better, more convincing phishing scams.
3. Also, you're likely to see a lot more spam in your e-mail accounts for the next few weeks or months.
Phishing scams work by convincing people to give the scammer their personal (generally financial) information. The scammer pretends to be from a major company: Bank of America, Amazon, Comcast, Ebay, etc, The scammer sends you an e-mail informing you that there is a problem with your account, and that you need to provide your information (bank account, credit card number, username and password - things like that) in order to fix it. If you give your information to the scammer, they use it to rob you.
The data taken from Epsilon allows scammers to send their e-mails to people that they know are on the mailing lists for specific companies. That makes the phishing e-mails more convincing, since they appear to be coming from companies that you actually use.
So, what can you do to keep your information safe? It's the same strategy that you should be using anyway, all the time: never give your personal information away. Reputable companies will not send you e-mails asking for your account information; they already know your account information. They also won't send you e-mails asking you to visit a website where you put in your information. (For that matter, they won't call you up to ask for that sort of information, either.) If someone contacts you and asks for your information on behalf of a company, do not give it to them. If you're concerned, contact the company yourself (go to their website by typing in the address yourself, or looking it up through Google). Make sure you know who you're really talking to.
In other words, this is not something to panic about. It's just a good idea to be a little extra-vigilant for the next few weeks. If you want more information, there's a CNN article about the breach here: