Consumers Warned of Potential Scams Related to Epsilon Security Breach

The Office of Consumer Affairs of the Virginia Department of Agriculture and Consumer Services (VDACS) advises consumers to be on the lookout for possible Phishing scams resulting from a recent security breach at e-mail marketing giant Epsilon. The breach affects more than 2,200 global brands, including large retailers and financial institutions, and it may have compromised millions of e-mail addresses.

While the perpetrators apparently were able to access only customer names, e-mail addresses and the name of companies with which the customers did business, the potential for damage is great. Consumers need to be extremely wary about authentic-looking e-mails from companies with which they do business. They need to remember that legitimate companies will not e-mail you asking for personal financial information like Social Security numbers, credit card information or other personal information. If consumers unwittingly reveal sensitive information to scammers, they could be setting the stage for identity theft.

“We want consumers to be careful with their financial and other sensitive information,” said Matthew J. Lohr, VDACS Commissioner, “but we also want them to know that they can take a number of actions to safeguard their personal information, now and in the future. These actions are not just appropriate in response to the current threat; they are things consumers should do all the time.”

Lohr says that a major risk from the Epsilon breach likely will come from Phishing attacks. Phishing is a fraudulent effort in which criminals send e-mails, pop-up messages, text messages or make phone calls that seem to come from legitimate companies asking you to provide personal information such as your Social Security number, account numbers, passwords, PINs or personal identification numbers, or other data that will help them gain access to your money.  Consumers may receive an authentic-looking e-mail or document from a reputable retailer or credit card company saying that their information may have been breached and that they need to confirm account numbers or other information.
What can you do to protect yourself?   VDACS advises you never to give your personal or financial information to someone who unexpectedly contacts you claiming to represent your bank, credit card company, retailer, utility or other institution.  You should not click on any link in a suspicious e-mail nor should you copy and paste the link from a suspicious e-mail into your internet browser. Scammers make sure their dealings seem legitimate, so even if the request sounds authentic, take time to check out the inquiry before you respond.  Visit the website of the legitimate company you know and trust, or call the number on the back of your credit card or a recent statement to confirm that representatives have been authorized to solicit customer information.

If someone who says they represent your credit card company or bank calls to ask you about suspicious activity in your account, they should ask only about the transactions in question.  Do not provide your account number, expiration date or other data because the legitimate company or bank would already have that information on file and would not need to ask for it.

Take a close look at your bank account and credit card statements as soon as they arrive and look for unauthorized charges. Call your bank or credit card company if your statement is significantly late to confirm that no one has changed your billing address and that your account balances are correct.

Request free copies of your credit reports by logging onto, calling 877.322.8228 or completing the Annual Credit Report Request Form and mailing it to Annual Credit Report Request Service, P.O. Box 105281, Atlanta GA   30348-5281.  Review the reports carefully to determine what fraudulent activities may have occurred in your name.

If you have given account numbers, PINs, passwords or other details to someone whom you suspect is not acting honestly, visit the Federal Trade Commissions’ Identity Theft website,, or call 877-ID-THEFT (877.438.4338) for helpful information.  Also contact the relevant companies as quickly as possible to protect yourself and to inform them.  Consider closing affected accounts or making them password protected so the Phisher cannot make use of the stolen information. Forward Phishing e-mails to the Federal Trade Commission at; they will be entered into a database for use by law enforcement agencies.

Next, contact the three major credit reporting agencies, (800.916.8800), (888.397.3742) and (888.766.0008).  Request that the fraud department flag your file with a fraud alert.  You may also wish to consider asking the three agencies to put a freeze on your credit reports thereby locking out anyone seeking to open an account or fraudulently establish new credit in your name.  More information about security freezes is available at the respective websites.

For additional information about Phishing or any other consumer topic, please contact the Virginia Department of Agriculture and Consumer Services’ Consumer Protection Hotline, toll-free in Virginia, at 1.800.552.9963; in the Richmond area, dial 786.2042. Or visit to find consumer information on the Web.


  1. Beth Dowling says:

    I am amazed by how many companies I conduct business with online use Epsilon. I have received several notices already. I was thinking of simply closing my current email address. Or, is that just a waste of time and energy if I am cautious about “scam” type emails? Will wait and see how much junk I start receiving, if any.