Protecting yourself

Consumers, bank customers on alert following major email theft

Jeremy Simon

The next email bearing my bank’s logo could very well be from a hacker.

Earlier today, Chase sent an email warning of a major theft that could affect me and other bank customers. “Chase is letting our customers know that we have been informed by Epsilon, a vendor we use to send emails, that an unauthorized person outside Epsilon accessed files that included email addresses of some Chase customers,” the email said.

chase-letter-lg.jpgChase explained that although some customer email addresses were compromised in the breach, the stolen information “did not include any customer account or financial information. Based on everything we know, your accounts and confidential information remain secure.”

Based on news reports, Chase customers aren’t the only ones who have been victimized. According to The Associated Press, financial-service companies such Capital One, Barclays Bank, U.S. Bancorp, Citigroup and Ameriprise Financial were also affected, as well as retailers including Best Buy, TiVo, Walgreen and Kroger. In total, the AP said millions of email addresses may have been stolen.

That means plenty of us will need to be on guard when we open our inboxes.

“The email addresses could be used to target spam. It’s also a standard tactic among online fraudsters to send emails to random people, purporting to be from a large bank and asking them to log in in at a site that looks like the bank’s site. Instead, the fraudulent site captures their login information and uses it to access the real account,” the AP reported.

Following the breach, victims could receive what appear to be bank emails but — in fact — are the work of clever fraudsters doing what’s known as “phishing.” These emails will indicate that consumers need to supply personal information, such as account or Social Security numbers.

If you get such an email, don’t panic, but do visit your bank’s website. That’s the place to log into your account — rather than via a link provided on a phishy smelling email.

See related: 10 ways to protect yourself from data breaches

Join the Discussion

We encourage an active and insightful conversation among our users. Please help us keep our community civil and respectful. For your safety, we ask that you do not disclose confidential or personal information such as your bank account numbers, social security numbers, etc. Keep in mind that anything you post may be disclosed, published, transmitted or reused.

The editorial content on is not sponsored by any bank or credit card issuer. The journalists in the editorial department are separate from the company's business operations. The comments posted below are not provided, reviewed or approved by any company mentioned in our editorial content. Additionally, any companies mentioned in the content do not assume responsibility to ensure that all posts and/or questions are answered.

  • I was just listening to NPR’s account of the data breach. They point out that the scammers can use the email addresses gathered in this fasion to create more-targeted phishing e-mails, ones that have a better chance of getting opened and clicked because they can make it appear to come from your bank.
    I particularly liked the term for this type of targeted spam: spear-phishing.

  • Col

    Chase sent out emails to tell us that someone stole email addresses. That seems to be the dumbest thing I’ve ever heard of. How do you know if an email from Chase is from Chase? If my email address was stolen, perhaps the thief is sending an email purported to be from Chase. The one I got said “Click here to see this important message from Chase”. I think not…

  • @ Col: These emails have been sent from a number of major companies warning about the breach and it has been reported in the news. Still, when it comes to individual emails, you are right to be cautious about clicking links on any questionable messages.