Capital One and Citibank are alerting credit card customers of an unauthorized data breach of customer names and email addresses.
The system breach at Epsilon, a third-party vendor that provides marketing services for many major companies, was announced on April 1. Epsilon works with more than 2,500 clients and sends more than 40 billion emails annually, according to the company website.
According to an April 4 statement from Epsilon, the clients affected by the data breach are "approximately 2 percent of total clients and are a subset of clients for which Epsilon provides email services."
Some Capital One and some Citibank credit card customers are among the consumers affected by the security breach.
According to an April 5 email from Citi Cards, the information obtained in the breach was limited to the customer name and email address of some credit card customers. No account information or other information was compromised.
Capital One was notified by Epsilon that an unauthorized person outside Epsilon gained access to files that included email addresses of Capital One customers.
Capital One has been informed that the compromised files did not include any personally identifiable or customer financial information, according to a statement on the card issuer's website.
Capital One is urging card customers to ignore emails asking for confidential account or login information and reminding customers that familiar looking links in an email could redirect to a fraudulent site. If a Capital One customer should receive a suspicious email claiming to be Capital One, avoid clicking on any of the links. Send the email to firstname.lastname@example.org and then delete the email.
Citi Cards is reminding customers to verify every Citi email that they receive by checking the security zone at the top portion of the email, which includes a customer's first and last names, last four digits of a customer's account number and a "member since" date.
Consumers with stolen email addresses could be targeted in email fraud known as "phishing." These emails include links to sites that appear to be well-known legitimate businesses but are actually run by thieves. Clicking on a link will redirect your browser to a fraudulent website where any information you provide will go straight to the criminals.
Sometimes, clicking on a link will activate malicious software such as programs that log your key strokes and send them to computer crooks.
If you think you may have provided personal financial information or clicked on links in a suspicious email, contact your bank or credit card company immediately.
Change your online password and the security questions associated with your bank or credit card accounts. Check your financial accounts for suspicious activity and update and run antivirus software on your computer.
For more information on email fraud or phishing, check out this feature from Bankrate.com.
The best way to guard against fraudsters is to stay on the alert. Get in the habit of monitoring your bank statements and credit card statements on a regular basis and report any unusual transactions to your bank or card issuer.
Be sure to keep your contact information with your bank or credit card issuer updated. If they don't have your current phone number, they may have difficulty reaching you if a suspicious charge appears on your account.
Make copies of the customer service number from the back of your debit card and credit cards. And keep this list separate from your purse or wallet.