Names, Emails Stolen in Massive Data Breach

April 4, 2011

Personal information on customers of Citi, Chase, Best Buy, Walgreen, and many other major U.S. companies was stolen by hackers, in what may be one of the biggest data breaches in history.

Personal information on customers of Citigroup Inc., JPMorgan Chase & Co., Best Buy Co., Walgreen Co., and other major U.S. companies was stolen by hackers, in what may be one of the biggest data breaches in history.

Millions of customer names and email addresses were accessed by computer hackers who breached the databases of Epsilon, an online marketing unit of Alliance Data Systems Corp., based in Plano, Texas.

So far, Citi, Best Buy, JPMorgan Chase, Walgreen, Ameriprise Financial Inc., Barclays Bank of Delaware, Brookstone Inc., HSN Inc., The Kroger Co., L.L. Bean Inc., Marriott International Inc., McKinsey & Co., New York & Co., The Ritz-Carlton Hotel Co., TiVo Inc., Verizon Communications Inc., Visa Inc., and Walt Disney Co.'s travel unit, Disney Destinations, are among the companies who have confirmed their customer data were breached, according to information website SecurityWeek.com.

Data from the College Board, which administers the SAT college admission tests and represents about 7 million students at roughly 5,900 schools, were also accessed.

No financial-account information, such as credit-card or Social Security numbers appeared to be exposed, according to statements that were emailed to consumers over the weekend.

But the breach is still a serious concern because the hackers can pair consumer’s name and email addresses with the companies they do business with, making it much easier to trick a victim via so-called “phishing” scams and other types of electronic fraud where thieves pose as legitimate businesses in order to steal consumer login and password information.

Over the weekend, the College Board warned students about the breach and told them to be wary of "links or attachments from unknown third parties," according to emails. (Learn more about phishing attacks and how to protect yourself from them here.)

Experts say the data breach is among the largest ever reported. To date, the largest data breach ever recorded was reported by payment-processing company Heartland Payment Systems of Princeton, N.J., in January 2009, according to news and information website BankInfoSecurity.com. The breach impacted an estimated 130 million credit and debit cards.