JP Morgan Chase and the Kroger supermarket chain are warning customers that their names and e-mail addresses may have fallen into the wrong hands after someone broke into computer systems at e-mail marketing giant Epsilon.
Epsilon, whose customers also include Visa, Kraft, Citibank and Marriott International, acknowledged the incident in a brief statement Friday. “On March 30th, an incident was detected where a subset of Epsilon clients’ customer data were exposed by an unauthorized entry into Epsilon’s email system,” Epsilon said. “The information that was obtained was limited to email addresses and/or customer names only.”
Epsilon said it doesn’t believe any other personal information was compromised, but it is now working with authorities on an investigation, a company spokeswoman said Friday.
Epsilon only learned of the breach on Wednesday and it is unclear how serious the issue is. On Friday, spokespeople for Chase and Epsilon declined to say much beyond their prepared statements.
In a letter to customers, Kroger said customer names and e-mail addresses were stolen. “As a result, it is possible you may receive some spam email messages,” Kroger said. “We apologize for any inconvenience. Kroger wants to remind you not to open emails from senders you do not know. Also, Kroger would never ask you to email personal information such as credit card numbers or social security numbers. If you receive such a request, it did not come from Kroger and should be deleted,” the letter states.
Epsilon sent 6.5 billion e-mail marketing messages in 2009, but the company also runs loyalty programs for Citi and Chase credit card users, and the kind of information stored in its databases could be extremely valuable to criminals looking to steal banking information in phishing attacks.
Epsilon told Chase that none of its customers’ financial information was compromised, the bank said Friday in a press release.
Kroger has posted a frequently asked questions document about the incident.
Marriott could not immediately be reached for comment, and Citi had no immediate comment when contacted Friday afternoon.
Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert’s e-mail address is email@example.com