Best Buy, bank customers hit by data breach

Names and email addresses of Canadian and U.S. customers of Best Buy, some banks and other firms have been exposed in a data breach.

Best Buy Canada and Victoria, B.C.-based AbeBooks were among the companies that sent emails Monday to Canadian customers informing them that hackers may have gained access to their files after a data breach at Dallas, Tex.-based marketing and communications firm, Epsilon.

The company, which bills itself as "the world's largest email marketing provider," says it sends over 40 billion emails annually on behalf of 2,500 clients.

Other companies who sent emails to clients saying they may be affected by the breach include major U.S. banks and credit-card issuers Capital One, Barclays Bank, U.S. Bancorp, JPMorgan Chase & Co. and Citigroup, along with hotel chain Marriott International Inc., Walt Disney Co.'s travel subsidiary Disney Destinations, TiVo Inc., Kroger Co. and Walgreen Co.

The College Board, the not-for-profit organization that runs the SATs, said students' data might also have been exposed.

Epsilon issued a brief statement on Friday confirming that "unauthorized entry into Epsilon's email system" exposed names and email addresses from the customer data of Epsilon's clients. The company said "no other personal identifiable information associated with the names was at risk" and a full investigation was underway.

Epsilon spokeswoman Jessica Simon declined to comment further to The Associated Press late Sunday.

The biggest risk in this kind of data breach is that criminals could use the email addresses to trick customers into providing more personal information by posing as one of the companies affected — a technique known as phishing.

In an email warning customers of the breach, AbeBooks reminded recipients that it would never ask customers for personal or account information in an email.

"Please exercise caution if you get any emails that ask for personal information or direct you to a site where you are asked to provide personal information," the email added.

Angela Scardillo, vice-president of marketing for Best Buy Canada, sent an email to Canadian members of the company's RewardZone loyalty program Monday warning them that they might receive spam email messages as a result of the breach.

"We would advise you to be very cautious when opening links or attachments from unknown senders," the email said.