First it was TiVo, now Chase.

Posted on 60

Earlier this week I wrote about how apparently my TiVo account had unfortunately lead to my email address being compromised.  You can read about it here.  Apparently the issue is much more widespread than originally thought.  This morning I received my second warning from a company with whom I do business.  This time it was Chase.

Apparently Chase, TiVo and many other companies use a 3rd party email distributor.  The company in question is called Epsilon.  It was Epsilon who was breached by an “outside person”, who accessed files that included e-mail addresses.  The other “files” that were accessed are still unknown.  This is the message I received from Chase regarding the Epsilon breach…

As with the TiVo message, Chase warns about the possibility that I’ll be receiving SPAM emails.  And, that I should not respond to them.  It’s a bit ironic that Chase’s warning comes via, you guessed it, email.

Chase does warn that they will not request any sort of personal information via email, which serves as a warning that the data thieves could use the email addresses in an attempt to “trade up” from simple email addresses to actual account and financial related information.  Since Chase is a bank the logical tactic would be to send the Chase customers (those whose email addresses were exposed) emails asking them to confirm certain sensitive identification or account information.

John Ulzheimer is the President of Consumer Education at, the credit blogger for, and a Contributor for the National Foundation for Credit Counseling.  He is an expert on credit reporting, credit scoring and identity theft. Formerly of FICO, Equifax and, John is the only recognized credit expert who actually comes from the credit industry.  Follow him on Twitter here.