CTVNEWS

Best Buy Canada clients among those hit by email hack

CTV.ca News Staff Published Monday, April 4, 2011 7:26PM EDT

In this image taken from Epsilon's website, the company issues a notice to clients of unauthorized entry into email systems on Monday, April 4, 2011.

Text:

Best Buy Canada is among several large companies warning customers that their email addresses may have been accessed during a hack into the databases of a major American advertising company.

While most of the companies affected by the security breach don't operate north of the border, Best Buy sent a notice to its Canadian "Reward Zone" customers Monday, letting them know they could be the targets of fraudulent emails. It said the people who sought the data, which included names and email addresses, could use it to try to trick people into giving up their passwords for various websites.

"It is possible that you may receive spam email messages as a result and we would advise you to be very cautious when opening links or attachments from unknown senders," said the email, obtained by CTV.ca and signed by vice-president of marketing Angela Scardillo.

"Best Buy will never ask you to provide or confirm any information, including credit card numbers, unless you are on our secure e-commerce site, www.bestbuy.ca. If you receive an email asking for personal information, delete it. It did not come from Best Buy."

The company said it has launched an independent investigation into the breach.

Epsilon, the email-management company whose data was hacked, has assured its clients that account details, passwords and other personal information were not at risk. Customers of TiVo, Disney Destinations, Walgreens, Kroger, Capital One Financial, Barclays Bank, U.S. Bancorp and Citigroup and JPMorgan Chase were also targeted, as were student email addresses from the College Board, which runs the SAT tests.

It is unclear whether TiVO's Canadian customers were affected. When contacted by CTV.ca on Monday, spokesperson Krista Wierzbicki said the company was investigating the issue and had emailed all affected customers on the weekend.

The Dallas-based Epsilon -- which boasts more then 2,500 clients and sends more than 40 billion emails a year -- notified its clients of the breach on Friday.

The information gained from the cyber-attack could aid those running "phishing" scams, in which targets are asked to enter their login information into a falsified version of their bank's website. The data is then used to access the target's real bank account.

Garnett, a 31-year-old Belleville resident whose information was included in the breach, says he hasn't received any phishing emails since Best Buy informed him of the situation. He says he knows not to respond to any unsolicited emails and is thankful the company was quick to contact its customers.

"My only concern would be that Best Buy has provided complete disclosure as to the extent of the breach," he told CTV.ca in an email on Monday. "When you sign up, they ask for address, date of birth, shopping habits, etc. Is this information at risk too?"