04/12/2011

Epsilon®, an online marketing unit of Alliance Data Systems Corp.®, announced on April 1, 2011, that some of its customer files had been hacked into by fraudsters. Epsilon sends email campaigns and offers to consumers who register for a company‘s website or who give their email addresses while shopping. Epsilon sends more than 40 billion emails annually. Additionally, the company manages the loyalty programs for several companies. 
PLEASE NOTE: Premier Bank does not use Epsilon or Alliance Data Systems Corp as a vendor. We are alerting you to this email address security breach due to its significant size and the possible use of the information by fraudsters.

In a brief statement, Epsilon said it detected a breach on March 30, 2011, during which "clients‘ customer data were exposed by an unauthorized entry into Epsilon‘s email system." The company stressed that the information consisted only of email addresses and customer names, and that it was continuing to conduct a full investigation.

Because of this data breach, please be on heightened alert and wary of phishing or spear phishing emails. Once scammers know their victims‘ names and email addresses, along with the companies the customers do business with, the scammers can craft very targeted email attacks that attempt to trick victims into revealing more sensitive information (for example: passwords or account numbers). Phishing and spear phishing are defined below.

  • Phishing - This fraud scheme refers to emails sent to you by fraudsters known as "phishers." This fraud is designed to trick you into providing personal banking information. Phishers attempt fraudulent transactions when they have the basic personal identity or account information that a cardholder provided to them through a fraudulent email.
  • Spear phishing - This is an email-spoofing fraud attempt that targets a specific person by name seeking to gain confidential data. As with the email messages used in regular phishing, spear phishing messages appear to come from a trusted source.

Please keep in mind that you should always be cautious and never provide personal or confidential information as a result of receiving an email, voice message, or text message. In addition, you should be wary of links provided in emails. Hovering or moving your computer mouse pointer over an embedded hyperlink should reveal the associated Web address. If you do not recognize the Web address or if the addresses do not match, there may be reason for suspicion.

If you have any questions regarding this information, please contact us at 563.588.1000.