This morning I received an email from DD with no message. I went on the web and found the following:
Dear Guest,
We have been informed by one of our email service providers, Epsilon, that your email address was exposed by an unauthorized entry into that provider’s computer system. We use our email service providers to help us manage the large number of email communications with our guests. Our email service providers send emails on our behalf to guests who have chosen to receive email communications from us.
We regret that this incident has occurred and any inconvenience this incident may cause you. We take your privacy very seriously, and we will continue to work diligently to protect your personal information.
We want to assure you that your email address was the only personal information we have regarding you that was compromised in this incident.
As a result of this incident, it is possible that you may receive spam email messages, emails that contain links containing computer viruses or other types of computer malware, or emails that seek to deceive you into providing personal or credit card information. As a result, you should be extremely cautious before opening links or attachments from unknown third parties or providing a credit card number or other sensitive information in response to any email.
If you have any questions regarding this incident, please contact us at (407) 560-2547 during the hours of 9:00 am to 7:00 pm (Eastern Time) Monday through Friday, and 9:00 am through 5:00 pm (Eastern Time) Saturday and Sunday.
Sincerely,
Disney Destinations


Did anyone else get this email?

Yes, I got two of these this morning too. I am pretty upset that they can't manage to keep our information private.

I'm peeved too, you'd think a big wheel like Disney could do better on this kind of thing!

yup, I got this also. Maybe they should send us out a REALLY great deal to make up for it, but I probably wouldn't open it thinking it was spam, lol.:D

Yes, I got it as well. Not thrilled.

I'm on my second so far... Disney and Tivo evidentally used the same service.

Considering all the other spam I get, I don't expect this to produce much more. As always, unless you are expecting it, you shouldn't open any e-mails.

We got one this morning. Come on Disney, send us a good deal to make up for your lacking security.:mickey:

me too

One here, too.

Yes, I got the same e-mail.I sent a response but Iam not sure if the mailbox is monitored.

I got one, too.

These types of emails are becoming way too frequent for my liking.

One more here. I can only imagine how many other services don't report it like Disney has here.

I got the same one! I just made a post about it.

I'm not happy about it. Too manythings can happen anymore with hacking, stealing one's identity. Wonder what they'll do if someone has some really negative repercusssions from it!

Me too. And I have multiple email accounts. Once one gets so spammy, I stop using it and have to start up another one. Lots of work. This one, the one I use with Disney, has been so clean... I'm sure it will be swamped in a few days with spam.

Also got it... and bummed because I get enough spam already :-/

:ditto:
:mad:

So far, no more spam than usual. :shrug:

Looks like JP Morgan Chase and Krogers customers should be getting emails as well.


Me too. And I have multiple email accounts. Once one gets so spammy, I stop using it and have to start up another one. Lots of work. This one, the one I use with Disney, has been so clean... I'm sure it will be swamped in a few days with spam.
I use gmail and I'm really happy with the spam filter. Not sure if it's been wrong yet.

Disney and College Board...received two emails....not good.

Looks like JP Morgan Chase and Krogers customers should be getting emails as well.


I use gmail and I'm really happy with the spam filter. Not sure if it's been wrong yet.

Yep, I received emails from Kroger and Disney Destinations. I hope it is just email addresses that were exposed.

I use Gmail, too, and love the spam filters. So far, they have worked great. Very rarely I do get a false positive, so I check the Spam label regularly to make sure nothing's been accidentally put there. I haven't had any false negatives yet.

Got an email too...at my OLD address. I swear, no matter how many times I update my email address with Disney, they still don't fix it in their system. Oh well, at least they didn't get my "real" email address. ;)

HSN was hit too. Wonder who else I will hear from.

Me, too! Not real thrilled about this.

I just read that Citibank and Chase are affected too. I sure hope my ISP has a good SPAM filter!!:mickey:

The past couple of days I have wondering why I've gotten so much Spam - email from Disney = mystery solved. Not happy but was glad that at this time it is only my email address. Remember a couple of years ago when all our information, if you were a Disney stockholder, was lost/stolened/mislayed/whatever, now that was a mess.

Add me to the list of those notified by Disney Destinations.

Got one too

My e-mail this morning was blank, glad i found these posts. I would never have known:thedolls:

I got a blank email this morning as well.
But no more spam than usual which I don't open anyways.

Got the blank one at one email address. Then the letter at another em address.

Wonder what's up with the blank ones people are getting?

I got it, too.


One more here. I can only imagine how many other services don't report it like Disney has here.Corporations are required by law to report any breach of their customer's personal information, so it's unlikely that any reputable company who had a breach wouldn't report it.


I'm not happy about it. Too many things can happen anymore with hacking, stealing one's identity.Well in the case of this particular incident, the only information that was compromised was your email address. That information is pretty readily available anyway, so it's not really that big a deal. You'll probably see a bit more spam and some phishing activity, but if you're properly protecting yourself you won't really be at any additional risk.


Wonder what's up with the blank ones people are getting?Yeah, that is strange because it was just a plain text email. It wasn't HTML or anything, so it shouldn't get blocked.

Yep, I got it too

I also got it! :(

I got the blank one this morning, one this afternoon with an offer to book a trip...seemed a little off, and then just another one with the letter at the top of this string...

Are they all spam? I hope they get this fixed pronto!

I got it also. I just hope it is only the email.

I haven't noticed anything yet. I'll let you all know if anything else occurs.

I got the same one and also from US Bank...

I got an e-mail from both Disney and Best Buy for their Rewards program . . .

Also got one from Ameriprise Financial.

Corporations are required by law to report any breach of their customer's personal information, so it's unlikely that any reputable company who had a breach wouldn't report it.

It depends on the state and the information. There's not a national data breach notification law (yet) and not all states have a notification law. Companies may have privacy policies that require them to report breaches (the FTC can enforce privacy policies, so if a company's privacy policy says they will notify and they don't, the FTC can hold them to that.) HIPAA (Health Insurance Portability and Accountability Act) requires a notification of a breach of protected health information for covered entities, and the HITECH (Health Information Technology for Economic and Clinical Health) act works along with this. GLB (Gramm-Leach-Bliley Act) requires a notification for covered organizations (mostly financial organizations.)
GLB, HIPAA, and HITECH do not cover all organizations, however.

I got an e-mail from both Disney Destinations and LL Bean Visa.

Seems like there was a lot of compromise with security over the weekend.

What a pain!

Julie:mickey:

yup, I got this also. Maybe they should send us out a REALLY great deal to make up for it, but I probably wouldn't open it thinking it was spam, lol.:D

I received one too. I like the REALLY great deal idea.

Got one from Disney and Chase. Hopefully it is just email accounts and no other personal information.

Add Best Buy Reward Zone to the list of hacked companies.

Did not get from Disney Destinations, though.

Received the same email this morning. Got a similar one last week from someone else (can't recall who).

Just found an article that lists the companies that got hacked:


Massive Breach at Epsilon Compromises Customer Lists of Major Brands
By Mike Lennon on Apr 02, 2011

Major Breach at Epsilon, the World's Largest Permission Based Email Marketing Services Company, Affects Wide Range of Major Brands - List Continues to Grow

Epsilon Hacked -- Customer Email Lists Stolen Due to the growing list of brands disclosing they've been compromised as a result of this breach, I’m going to go ahead and tag this as a massive breach. And I only expect it to get bigger as more announcements come out from Epsilon customers.

Last night we reported on a breach at marketing services provider, Epsilon, the world’s largest permission-based email marketing provider. Initially we wrote that the breach had affected Kroger, the nation's largest traditional grocery retailer.

It turns out that Kroger is only one of many customers affected by the breach at Epsilon.

Epsilon sends over 40 billion emails annually and counts over 2,500 clients, including 7 of the Fortune 10 to build and host their customer databases.

SecurityWeek has been able to confirm that the customer names and email addresses, and in a few cases other pieces of information, were compromised at several major brands including the following:

• Kroger

• TiVo

• US Bank

• JPMorgan Chase

• Capital One

• Citi

• Home Shopping Network (HSN) (added 4/3 @10:22am)

• Ameriprise Financial

• LL Bean Visa Card

• McKinsey & Company

• Ritz-Carlton Rewards

• Marriott Rewards

• New York & Company

• Brookstone

• Walgreens (Again!)

• The College Board (added 4/3 @8:20am)

• Disney Destinations

• Best Buy

• Robert Half Technologies


Some may dismiss the type of data harvested as a minor threat, but having access to customer lists opens the opportunity for targeted phishing attacks to customers who expect communications from these brands. Being able to send a targeted phishing message to a bank customer and personally address them by name will certainly result in a much higher “hit rate” than a typical “blind” spamming campaign would yield. So having access to this information will just help phishing attacks achieve a higher success rate.

A Marriott Rewards & Ritz Carlton Rewards spokesperson told SecurityWeek that their customer names, email addresses, and member point balances were exposed:

"We recently discovered that one of our third parties’ computer systems was tampered with. Tampering with our systems by an unauthorized person or persons is an illegal act and we reported this incident to a law enforcement agency who is currently investigating this matter. The unauthorized person(s) had access to email addresses and member point balances. They did not have access to member addresses, account logins and passwords, credit card information or other personal data," the spokesperson wrote in an email.

Correction: The Marriott Rewards spokesperson contacted us on Sunday to correct their initial statement, saying that member point balances were not disclosed after all.

Citi also warned customers over Twitter about the incident, Tweeting the following: "Please be careful of phishing scams via email. Statement from Citi for our valued Customers regarding Epsilon & email" with a link to the following statement: "Because e-mail addresses can be used for "phishing" attacks, we want to remind our customers that Citi uses an Email Security Zone in all our email to help them recognize that the email was sent by us. Customers should check the Email Security Zone to verify that email they have received is from Citi and reduce the risk of personal information being 'phished.'"

As the initial disclosure by Epsilon occurred late in the day on Friday, I expect several more brands to be announcing that they’ve been affected by the breach as well. When asked to comment, Epsilon has refused to provide additional details on what other brands may have been affected.

Got ones from Walgreens and Target. Didn't see Target on that list though unless they are part of another parent company. Didn't get one from Disney though.

I just got the Target one as well...

I got one from Disney, Hilton and Bebe and my husband got it from a couple other companies.

I am almost feeling left out. I have yet to get one from any of the companies that I do business with out of that list.

But that's okay, since I already get enough spam on my own.

I've received quite a few from various companies. I was surprised to see how many used the same vendor.

Received one from Disney Destinations and College Board. :mad:

I've received quite a few from various companies. I was surprised to see how many used the same vendor.
It really is an international issue. There are so many companies affected by this on both sides of our border as well as overseas.

I got tons of those e-mails. Apparently, most of my subscriptions use stupid Epsilon. Lovely.

I got tons of those e-mails. Apparently, most of my subscriptions use stupid Epsilon. Lovely.

I think so far I've gotten 6-7 notifications about this, but haven't noticed a change at all in the amount of spam I'm receiving.

I have not received a email from them since I had to change email address. Is there anyway for me to get back on their list?