TiVo users had a rude awakening this morning, finding out the email address they'd given to TiVo as part of their account registration had been compromised.
According to SecurityWeek, Epsilon is currently disclosing even more companies whose email marketing lists had been compromised. Noticing the problem first with grocery retailer Kroger, Epsilon continues releasing company names that were affected by the breach. Here's the list gathered so far:
Kroger
TiVo
US Bank
JPMorgan Chase
Capital One
Citi
McKinsey & Company
Ritz-Carlton Rewards
Marriott Rewards
New York & Company
Brookstone
Walgreens
The College Board (added 4/3 @8:20am)
Home Shopping Network (HSN)(added 4/3 @10:22am)
LL Bean (added 4/3 @1:20pm)
Disney Destinations (added 4/3 @1:20pm)
Barclays Bank of Delaware (added 4/3 @1:20pm)
Considering that Epsilon has more than 2,500 clients sending 40 billion emails each year, this list could keep growing.
TiVo tried to sooth victims, saying the release of personal data "was limited to first name and/or email addresses only." Here's the email we received from TiVo this morning:
While TiVo attempts to minimize the implications of this security breach, email addresses are now in the hands of those who would break into the database of a huge email conglomerate. This means those addresses might be targeted with phishing schemes, spam, and other annoyances.
Now that they have a list of confirmed email addresses, those spammers and other miscreants will have much better success at targeting their victims.