Email security breach could expose locals to dangerous scams

BETHEL, OH (FOX19) - A Bethel father is worried about his bank account after a massive security breach at a Dallas marketing firm, and he's not alone.

Epsilon sends out about 40 billion emails every year on behalf of 2500 major clients. Their clients include companies such as Kroger, Target, Walgreens, Chase Bank, and Best Buy. An Epsilon spokesperson said a hacker stole email addresses from its system.

Epsilon spokespeople stick by their claim that only email addresses and names were stolen, and not sensitive information like social security numbers or credit card numbers. A local Internet expert tells FOX19 that little bit of information is still enough to cause you big problems.

"I'm on the web quite a lot so when your bank calls you or sends you an email saying all of system has been breached, you kinda take notice," said Bethel father Don Hardin.

Chase Bank emailed Hardin this week to let him know that his name and email information associated with his bank account had been stolen.

"I don't have a whole lot in my bank account but it is mine," said Hardin. "I don't want it to be gone."

Though the companies affected warn personal information was not taken, FOX19 Internet guru Dave Hatter said the hackers have more than enough information to cause victims harm.

Think about it. Now that the hackers know exactly where you shop and bank, they can send more legit-looking spam to phish for your credit card numbers.

"It's another thing entirely to know that well you're a {bank} customer because we happen to get you out of the {bank} part of this," said Hatter. "Now if you get an email from {the bank}you're going to be much more likely to act on this because you do business with {the bank}."

Hatter said a new phrase has already been coined for this new scheme: "sphere phishing."

Hatter said you should question each unsolicited email from companies, and call the company that allegedly sent you the email to confirm their request.

As for Hardin, this is the second time information related to his Chase bank account has been stolen. He's taking steps to protect himself, and considers this a life lesson about our digital age.

"We do everything online," said Hardin. "We check out accounts online. It's just a way of life nowadays. All you can do is be careful, and not put too much information out there."

Keep in mind that a legitimate company will never ask for you for sensitive information like a social security number or an account password in an email.

Always keep your antivirus software up to date since spam can carry a virus or worse, malware that picks up your keystrokes, and with them, passwords for bank and credit card accounts.

Hatter said you can also create a new email address. In fact, Hatter recommends creating a separate email account you can use to receive all of those coupons and basic information from companies and that'll help contain some of the spam, as well. Also, make sure you use strong filtering tools. That'll make sure spam never hits your inbox in the first place.

The list of companies affected has grown to include:


Best Buy


The College Board

Capital One


Disney Destinations

Home Shopping Network

JPMorgan Chase


LL Bean Visa

Marriott rewards

McKinsey & Company

New York & Company

Ritz-Carlton Rewards


US Bank


Still no word on who is behind the breach of security. Epsilon has reported that a full investigation is underway.

The BBB also has advice to help protect you from identity theft and email phishing scams:

•Be careful about clicking on links or downloading attachments contained in emails. You could expose your computer to viruses, spyware and malware which can lead to identity theft.

•Do not give personal or financial information to anyone who contacts you via email, even if they say they are from your bank, the IRS or a law enforcement agency. These businesses will not contact you via email; they will send you a letter.

•Discuss phishing scams with all the members of your family who have email addresses. Young people are very computer savvy, but may not be scam savvy, and older adults are specifically targeted by scammers because they can be very trusting.

•Watch out for grammatical mistakes in emails. Poor grammar or misspelled words are red flags that the email is probably a scam.

•Keep your anti-virus software up-to-date and run it regularly.

For more information about phishing scams, please visit

Copyright 2011 FOX19. All Rights Reserved.