What would you do if you received an email like this:

Dear _(name of business)_ Customer,

This company values your trust and wants to make you aware of a recent incident. We learned from our email provider, Epsilon, that limited information about you was accessed by an unauthorized individual or individuals. This information included your name and email address and did not include any financial or other sensitive information. We felt it was important to notify you of this incident as soon as possible. We apologize for any inconvenience and have outlined below a number of email safeguards to help ensure your privacy online.

That is the exact wording of an email I recently received from an online business that I’ve shopped with. For the benefit of everyone who may have been affected by Epsilon’s security breach, we’ll break down just what happened, who was affected, and what you can do about it.

Simply put, Epsilon is an email direct marketing firm. When you give your email address to a company, that company forwards your information to Epsilon, who from then on, is responsible for sending you emails in reference to that company. Here are a few perfectly sound reasons why you might hand over your email address:

• Creating a profile to shop with an online store
• Filling out a survey
• Entering a drawing
• Participating in a loyalty rewards program
• Signing up for coupons or freebies

Epsilon sends out more than 40 billion emails each year, so the number of consumers shopping, banking, and participating in other online activities is vast.
Normally, your email address would be protected. Many companies even promise that they will not sell or rent your personal information to anyone. In this case, however, Epsilon was breached. Hackers were able to extract sensitive information – the personal details of customers – from Epsilon, who happens to work with several major companies internationally. This is not necessarily the fault of lax security on the part of Epsilon. Hackers work constantly to gain access to private information and when they do, companies (like Epsilon) take immediate action to rectify the breach. This means that you don’t have to fear ever giving out your personal information again. Unfortunately, hacking happens.
Were you affected by the security breach? An obvious indication would be if you received an email similar to the one I received above. Otherwise, if you’ve ever provided personal information to one of the following companies, you might also be a victim:

• Ann Taylor
• Best Buy
• Capital One
• Eddie Bauer
• Kroger
• Marriott
• Target
• Verizon
• Victoria’s Secret
• Walgreens

That is far from the complete list. To see all of the companies affected by the security breach, you can visit the List of Companies Hit By Epsilon Breach article on the Threat Post site.
If your personal information was among that of the data stolen from Epsilon, what can you do about it? Follow the advice that was listed in the second half of the email that I received:

• Don't open links or attachments from people you don't know and trust.
  
• Don't provide personal, financial, or other sensitive information when asked to do so by email. Most reputable companies do not ask for such information by email, and, rest assured, we will not do so.
  
• If you receive an email appearing to come from us that does ask you for sensitive information, do not respond, click on any links, or download any attachments. Instead, please inform us immediately at the toll-free number or email address provided below.

That’s all actually great advice. Now that you know your information is in the hands of someone other than the company you permitted to use it, be on your guard. Whether in the form of phone calls, letters, or emails, ignore unsolicited offers. When in doubt, contact the company directly. No matter how inconvenient a few extra precautions may be, they will be well worth it.