So perhaps you received one of the following two email today. Let’s begin with the first. I received this early in the morning and read it in awe.
Dear Valued Best Buy Customer,
On March 31, we were informed by Epsilon, a company we use to send emails to our customers, that files containing the email addresses of some Best Buy customers were accessed without authorization.
We have been assured by Epsilon that the only information that may have been obtained was your email address and that the accessed files did not include any other information. A rigorous assessment by Epsilon determined that no other information is at risk. We are actively investigating to confirm this.
For your security, however, we wanted to call this matter to your attention. We ask that you remain alert to any unusual or suspicious emails. As our experts at Geek Squad would tell you, be very cautious when opening links or attachments from unknown senders.
In keeping with best industry security practices, Best Buy will never ask you to provide or confirm any information, including credit card numbers, unless you are on our secure e-commerce site, www.bestbuy.com. If you receive an email asking for personal information, delete it. It did not come from Best Buy.
Our service provider has reported this incident to the appropriate authorities.
We regret this has taken place and for any inconvenience this may have caused you. We take your privacy very seriously, and we will continue to work diligently to protect your personal information. For more information on keeping your data safe, please visit:
Executive Vice President & Chief Marketing Officer
This raises a number of questions. I emailed these questions to Best Buy and I’ll let you know if I hear back. When I submitted my message to them at the Contact Us page of bestbuy.com, it actually displayed an error message, so I’m not placing any bets.
1) Best Buy and its Geek Squad (which it laughingly tries to name drop in this email via a “tip”) provides computer and network security services. I’m supposed to trust them with my data?
2) Why does Best Buy outsource the sending of email to begin with?
3) There is no mention of their agreement with this third party vendor being terminated. Why would you still do business with them?
Then this evening I received another email about a different company’s email database being hacked, too. This particular company uses the same third party provider – go figure. Who IS this magical “Epsilon” that has all of the nation’s retail outlets under its mind control?
To our valued guests,
Target’s email service provider, Epsilon, recently informed us that their data system was exposed to unauthorized entry. As a result, your email address may have been accessed by an unauthorized party. Epsilon took immediate action to close the vulnerability and notified law enforcement.
While no personally identifiable information, such as names and credit card information, was involved, we felt it was important to let you know that your email may have been compromised. Target would never ask for personal or financial information through email.
Consider these tips to help protect your personal information online:
* Don’t provide sensitive information through email. Regular email is not a secure method to transmit personal information.
* Don’t provide sensitive information outside of a secure website. Legitimate companies will not attempt to collect personal information outside a secure website. If you are concerned, contact the organization represented in the email.
* Don’t open emails from senders you don’t know.
We sincerely regret that this incident occurred. Target takes information protection very seriously and will continue to work to ensure that all appropriate measures are taken to protect personal information. Please contact Guest.Relations@target.com should you have any additional questions.
Vice President, Marketing and Guest Engagement