Credit card issuers warn customers of email list leak

By , CardRatings contributor
  • Google +
  • Twitter
  • Facebook
credit card

Millions of consumers were surprised by email messages in their inboxes this month alerting them to one of the most widespread online security breaches in recent history.

As many as 50 major companies revealed that their customer email lists had been compromised after a cyber-attack on a shared technology vendor, Epsilon. According to news reports and company statements, an unknown person or group gained access to the Dallas technology company's database, allowing them to obtain subscribers' names, email addresses and business relationships.

Credit card company actions

Credit card issuers and retailers issued some of the first warnings to their customers, assuring them that account details beyond name and email address had not been shared with Epsilon. Based on the nature of the security breach, companies noted, the culprits did not gain enough information to directly access customer accounts. However, according to data security specialists, criminals could use banks' customer lists and message histories to create realistic-looking messages that contain balance transfer offers or instant approval applications.

Identity theft risk

Data security specialists advised consumers to follow four tips for avoiding identity theft after a security leak of this nature:

  • Visit credit card websites directly, instead of following emailed links. Many of the best credit card companies have already adopted this practice, eliminating the chance that mail forgers could trick cardholders into visiting false versions of their websites.
  • Use email aliases to track the source of incoming messages from banks or credit card companies. MobileMe, GMail, and other email providers allow users to create special email addresses for single purposes. Subscribers can change or delete compromised email addresses without affecting core email accounts.
  • Manage credit card accounts on secure websites or by phone, never by email. Although convenient, email lacks the security to protect personal banking and credit information from prying eyes.
  • Use distinct passwords for each credit card website and email account. Some security experts expressed concerns that criminals might use Epsilon's lists to guess passwords shared across multiple sites. Tools like LastPass and 1Password can randomize passwords while helping consumers track secure logins across multiple websites.

Because many large companies rely on third-party email services to deliver customer messages, security professionals cautioned that the Epsilon breach underscores the need to remain vigilant for spam and phishing attacks based on compromised mailing lists.

0 Responses to "Credit card issuers warn customers of email list leak"

No Comments

Leave a Comment
About Our Ratings ×

Our editors rate credit cards objectively based on the features the credit card offers consumers, the fees and interest rates, and how a credit card compares with other cards in its category. Ratings vary by category, and the same card may receive a certain number of stars in one category and a higher or lower number in another.

The ratings are the expert opinion of our editors, and not influenced by any remuneration this site may receive from card issuers.

Advertisers in our database are highlighted, and advertisements include an option to apply using links on our site. CardRatings.com may be compensated by companies mentioned on the site when a user's application is accepted or approved by such companies.

How do your cards stack up?

Compare your card starting here


Featured Partner Cards