Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


05:05 PM
Connect Directly

Best Buy Suffers Second Email Breach

Epsilon hack victim's customer emails exposed yet again -- via a different vendor

Best Buy, which was among the 100 or so companies hit in the recent Epsilon breach, is responding to a second consecutive breach at the hands of one of its vendors.

The big-box electronics retailer found on April 22 that email addresses of some of its customers had been "accessed without authorization" via one of its vendors, according to a Best Buy spokesman, who declined to name the vendor. Best Buy had already parted ways with that provider prior to the discovery of the breach, he said, due to a "strategic business decision."

Best Buy would not elaborate on how many customer emails were stolen or provide any details about the attack. It's unclear whether the latest breach was in any way connected to the Epsilon incident.

"I don't know that they are related. But it's an interesting coincidence time-wise," says Dave Marcus, director of McAfee Labs security research communications.

This latest breach comes on the heels of Best Buy's customer emails being exposed in the massive Epsilon breach last month. While no credit card accounts, Social Security numbers, or source code were stolen from Epsilon, millions of email addresses and, in some cases, full names of customers of major retailers and financial institutions were. The attack could reverberate for years to come with phishing, spamming, and targeted attacks against individuals and businesses.

"If I [were] a company [affected by these breaches], I would be worried that any of this information was going to be used against my company for spear phishing ... If my executives' information is in there, that's another kind of information a real attacker wants," McAfee's Marcus says.

Among the big names in retail and banking hit in the Epsilon breach besides Best Buy were 1-800-Flowers, AbeBooks (a division of Amazon), American Express, Ameriprise, AstraZeneca, Barclays Bank of Delaware, Capital One, Citi, The College Board, Dillons, Disney Destinations, Food 4 Less, Hilton HHonors, Home Shopping Network, Jay C, JP Morgan Chase, King Soopers, Krogers, Lacoste, LL Bean VISA, Marriott Rewards, McKinsey Quarterly, Ralphs, Red Roof Inn, Ritz-Carlton Rewards, TiVo, US Bank, Verizon, and Walgreens, according to notices from some of these firms and industry sources.

The Best Buy spokesman noted that the second breach was similar to that of Epsilon's. "A similar situation occurred with some of our customers and other companies recently. We regret these situations have taken place and for any inconvenience that may have been caused. While this is a completely new situation and involves a completely separate vendor, our ongoing commitment to customers and the importance of data security to Best Buy has not changed. We continually assess our data privacy standards and look for opportunities to enhance them," he said.

Meanwhile, Best Buy says it remains an Epsilon partner. But the company considers email service provider Exact Target as its primary provider: "Best Buy continues to work with companies such as Exact Target to execute email marketing programs. Exact Target, our primary email service provider, is widely considered an industry leader in email security. They have been instrumental in helping Best Buy manage recent data security issues and is one of the company’s valued marketing partners," the spokesperson said.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How to Think Like a Hacker
Dr. Giovanni Vigna, Chief Technology Officer at Lastline,  10/10/2019
7 SMB Security Tips That Will Keep Your Company Safe
Steve Zurier, Contributing Writer,  10/11/2019
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-10-16
A Local Privilege Escalation vulnerability exists in the GlobalProtect Agent for Windows 5.0.3 and earlier, and GlobalProtect Agent for Windows 4.1.12 and earlier, in which the auto-update feature can allow for modification of a GlobalProtect Agent MSI installer package on disk before installation.
PUBLISHED: 2019-10-16
A Local Privilege Escalation vulnerability exists in GlobalProtect Agent for Linux and Mac OS X version 5.0.4 and earlier and version 4.1.12 and earlier, that can allow non-root users to overwrite root files on the file system.
PUBLISHED: 2019-10-16
There are some web interfaces without authentication requirements on D-Link DIR-412 A1-1.14WW routers. An attacker can clear the router's log file via act=clear&logtype=sysact to log_clear.php, which could be used to erase attack traces.
PUBLISHED: 2019-10-16
A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to execute code with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating as the re...
PUBLISHED: 2019-10-16
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient...