Best Buy Suffers Second Email Breach

  /     /     /  
Publicated : 22/11/2024   Category : security


Best Buy Suffers Second Email Breach


Epsilon hack victims customer emails exposed yet again -- via a different vendor



Best Buy, which was among the 100 or so companies hit in the recent Epsilon breach, is responding to a second consecutive breach at the hands of one of its vendors.
The big-box electronics retailer found on April 22 that email addresses of some of its customers had been accessed without authorization via one of its vendors, according to a Best Buy spokesman, who declined to name the vendor. Best Buy had already parted ways with that provider prior to the discovery of the breach, he said, due to a strategic business decision.
Best Buy would not elaborate on how many customer emails were stolen or provide any details about the attack. Its unclear whether the latest breach was in any way connected to the Epsilon incident.
I dont know that they are related. But its an interesting coincidence time-wise, says Dave Marcus, director of McAfee Labs security research communications.
This latest breach comes on the heels of Best Buys customer emails being exposed in the
massive Epsilon breach last month
. While no credit card accounts, Social Security numbers, or source code were stolen from Epsilon, millions of email addresses and, in some cases, full names of customers of major retailers and financial institutions were. The attack could reverberate for years to come with phishing, spamming, and targeted attacks against individuals and businesses.
If I [were] a company [affected by these breaches], I would be worried that any of this information was going to be used against my company for spear phishing ... If my executives information is in there, thats another kind of information a real attacker wants, McAfees Marcus says.
Among the big names in retail and banking hit in the Epsilon breach besides Best Buy were 1-800-Flowers, AbeBooks (a division of Amazon), American Express, Ameriprise, AstraZeneca, Barclays Bank of Delaware, Capital One, Citi, The College Board, Dillons, Disney Destinations, Food 4 Less, Hilton HHonors, Home Shopping Network, Jay C, JP Morgan Chase, King Soopers, Krogers, Lacoste, LL Bean VISA, Marriott Rewards, McKinsey Quarterly, Ralphs, Red Roof Inn, Ritz-Carlton Rewards, TiVo, US Bank, Verizon, and Walgreens, according to notices from some of these firms and industry sources.
The Best Buy spokesman noted that the second breach was similar to that of Epsilons. A similar situation occurred with some of our customers and other companies recently. We regret these situations have taken place and for any inconvenience that may have been caused. While this is a completely new situation and involves a completely separate vendor, our ongoing commitment to customers and the importance of data security to Best Buy has not changed. We continually assess our data privacy standards and look for opportunities to enhance them, he said.
Meanwhile, Best Buy says it remains an Epsilon partner. But the company considers email service provider Exact Target as its primary provider: Best Buy continues to work with companies such as Exact Target to execute email marketing programs. Exact Target, our primary email service provider, is widely considered an industry leader in email security. They have been instrumental in helping Best Buy manage recent data security issues and is one of the company’s valued marketing partners, the spokesperson said.
Have a comment on this story? Please click Add Your Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News

▸ Travel agency fined £150,000 for breaking Data Protection Act. ◂
Discovered: 23/12/2024
Category: security

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Best Buy Suffers Second Email Breach