Monday, May 21st, 2012

And the hits just keep on coming for Epsilon

Note: CBS reports that the Secret Service is investigating the Epsilon breach. If you receive a phishing attempt that you want to report to the Secret Service, email phishing-report@us-cert.gov.  You can also file a report at http://www.ic3.gov/default.aspx. I’ll add businesses to the list of affected customers as I become aware of them, so check back if you want to see what else has been reported.  See Brian Krebs’ commentary on the fears about spear phishing as a result of this breach.

  1. 1-800-FLOWERS
  2. AbeBooks
  3. Abercrombie & Fitch (WFNNB)
  4. AIR MILES Reward Program (Canada)
  5. Ameriprise
  6. Ann Taylor (WFNNB)
  7. AshleyStewart (WFNNB)
  8. Avenue (WFNNB)
  9. Barclays Bank of Delaware
  10. Beachbody
  11. Bealls (WFNNB)
  12. bebe
  13. Best Buy
  14. Best Buy Canada Reward Zone
  15. Benefit Cosmetics (see below)
  16. BJ’s Visa (Barclays Bank of Delaware)
  17. Brookstone
  18. Capital One
  19. Catherine’s (WFNNB)
  20. Chadwick’s (WFNNB)
  21. Charter Communications
  22. Chase
  23. Citigroup
  24. City Market
  25. College Board
  26. Crate & Barrel (WFNNB)
  27. Crucial
  28. David’s Bridal
  29. Dell Australia
  30. Dillons
  31. Disney Destinations (The Walt Disney Travel Company)
  32. Domestications (WFNNB)
  33. Dressbarn (WFNNB)
  34. Eddie Bauer Friends
  35. Eileen Fisher (doesn’t name Epsilon but same template letter)
  36. Ethan Allen
  37. Eurosport Soccer (Soccer.com)
  38. Express card (WFNNB)
  39. ExxonMobil Card (Citi)
  40. Fashion Bug (WFNNB)
  41. FINA (WFNNB)
  42. Food 4 Less
  43. Fred Meyer
  44. Fry’s
  45. Gander Mountain (WFNNB)
  46. Giant Eagle Fuelperks! (WFNNB)
  47. GlaxoSmithKline Consumer Healthcare (GSK)
  48. Goody’s (WFNNB)
  49. Hilton Honors
  50. Home Depot Card (Citi)
  51. Home Shopping Network (HSN)
  52. J Crew (WFNNB)
  53. J.Jill
  54. Jay C
  55. Jessica London (WFNNB)
  56. JPMorgan Chase
  57. Justice (WFNNB)
  58. KingSize Direct  (WFNNB)
  59. King Soopers
  60. Kroger
  61. Lacoste
  62. Lane Bryant (WFNNB)
  63. L.L. Bean Visa (Barclay’s)
  64. M & T Bank
  65. Marriott Rewards (FAQ on site)
  66. Marks & Spencer
  67. Maurice’s (WFNNB)
  68. McKinsey Quarterly
  69. MoneyGram
  70. MyPoints Reward Visa
  71. New York & Company
  72. NTB Card (Citi)
  73. One Stop Plus (WFNNB)
  74. PacSun (Pacific Sunwear) (WFNNB)
  75. Palais Royal (WFNNB)
  76. Peebles (WFNNB)
  77. Polo Ralph Lauren
  78. PotteryBarn/PotteryBarnKids (WFNNB)
  79. Quality Food Centers (QFC)
  80. QualityHealth
  81. RadioShack (WFNNB)
  82. Ralphs
  83. Red Roof Inn
  84. Reeds Jewelers (WFNNB)
  85. Ritz-Carlton (FAQ)
  86. Robert Half International
  87. Scottrade
  88. Sears (Citi)
  89. Shell (Citi)
  90. Smile Generation Financial
  91. Smith’s Food & Drug Centers (Smith’s Brands)
  92. Sportsman’s Guide (WFNNB)
  93. Stage (WFNNB)
  94. Stonebridge Life Insurance
  95. Target
  96. Tastefully Simple
  97. TD Ameritrade
  98. The Limited (WFNNB)
  99. The Place (Citi)
  100. TIAA-CREF
  101. TiVo
  102. Trek (WFNNB)
  103. United Retail Group (WFNNB)
  104. US Bank
  105. Value City Furniture (WFNNB)
  106. Verizon
  107. Victoria’s Secret (WFNNB)
  108. Viking River Cruises
  109. Walgreens
  110. Woman Within (WFNNB)
  111. World Financial Network National Bank

Note: WFNNB stands for World Financial Network National Bank. WFNNB is a subsidiary of Alliance Data Systems, the same company that owns Epsilon.

Thanks to all those who have copied and pasted in the emails you have received. If you have something you think I’m missing, please check the list first to see if I already have the name of the company and a working linked copy of the notice. If not, post away!

UPDATE 4-08-2011 I deleted a number of submitted comments because they are describing phishing attacks that have nothing to do with the Epsilon breach. Phishing attempts appearing to come from FedEx, DHL, etc., are old news and while you should continue to be alert so as not to fall for them, this list is only for notices that people received concerning the Epsilon breach or evidence that a phishing attempt is because of the Epsilon breach (e.g., if you used a unique email address for a company and now get a phishing attempt at that address after you were notified of the Epsilon breach).

Email address to report phishing attempts corrected. It is phishing-report@us-cert.gov

UPDATE 4-09-2011: If you’re first receiving a notice from a firm not previously mentioned on this list, please let me know the date of the email, too. There are a few entities that have been reported that do not appear on the list yet because I do not have copies of their notices or links to web sites where they are posted.  Sometimes people say one thing but when they check, it’s another company, so I need to wait for some proof before posting.

UPDATE 4-09-2011 It seems that overnight, World Financial Network National Bank (WFNNB), a subsidiary of Alliance Data Systems – the same company that owns Epsilon – removed the email security notice that they had linked to from a number of their store credit card sites. If I were paranoid, I might think that they removed it because I was linking to it. In any event, links from the above list may no longer work.

Benefit Cosmetics. What’s significant about their report is that they appear to be former clients of Epsilon, raising the question of why their data were on the compromised server. Did the breach occur while they were still clients or did Epsilon not remove their data from their server after they stopped using their service?

An email sent to DataLossDB, who shared it with this site, read:

While we wish this was about lipstick, we have important news regarding your email address.

We were just informed by a former email vendor that the database with our customers’ names and email addresses has been compromised by an unauthorized person.  The only information at risk is your name and email address.

The vendor has assured us that "a rigorous assessment determined that no other personal identifiable information associated with those names was at risk. A full investigation is currently underway."  This data breach has also affected several other companies that work with this vendor.

Comments

154 Responses to “And the hits just keep on coming for Epsilon”
  1. Paula says:

    I too received an email that Epsilon has my email addresses from my creditor, but I just ignored it. I did not realize that this was a really big issue. How do we get rid of this Epsilon when they already have our email addresses or info of our creditor?

    • admin says:

      Good question. I’d say contact your creditor, tell them that you’re furious with them for using Epsilon and that you want them to get your data totally removed from Epsilon if they want to keep your business. Not just opted out, but removed. And that you never want any of your information sent to Epsilon again.

      It’s worth a shot. :)

      • Maggie says:

        Thank you for your reply earlier.
        I just got an email from Home Depot saying my email had been changed. I called immediately and they said “someone” logged into my account two days ago although nothing seemed to be changed. I was furious that they never notified me of being part of this breach. His comment was that they only notified those emails that were breached. Any email account with them should have been notified as we see now “someone” logged in??? He could care less.
        I closed my card with them.

        I also want to paste an email below to see if this (Career Builders) could be part of this mess: maybe not but I didn’t like the comment “So, it is strongly recommended for you to give us the necessary information about yourself ASAP”

        From: “Merrill Christensen”
        To: (my email appeared here)
        Sent: Thursday, April 7, 2011 9:07:36 AM
        Subject: Work for (my name appeared here)

        To whom it may concern, my name appeared here.
        Our company is pleased to offer you the capacity of Secret Shopper in MarketPlace Force Shop. After coming across on your resume at CareerBuilder online. Our staff office did its best to scrutinize your autobiography and remained to be pleased. We hope that your skills will be among our most valuable assets.

        Necessary Criteria for being employed:

        Age: older than 24
        Internet access
        3-5 hours of free time every day for taking your professional capacities
        Certtificate of no criminal record

        Job Benefits:
        As it goes, Secret Shopper is an ideal way for employees to draw profit in the process of providing feedback, making comments, making of, commenting out to organization. This is a real potential for you to get to the top of the career enjoying things you like above all. For instance, one may lunch in cafe or purchase things in shops reveling in life and helping corporation at the same time.

        Remuneration:
        Your every month wages may reach $1,500-2,000.

        Time Limitation of the Position:
        On account of the great amount of designees for this position, this capacity is time-bound. So, it is strongly recommended for you to give us the necessary information about yourself ASAP.

        To become the contributor of our establishment:

        Please go to our site: MarketPlace Force Shop
        Register yoursel
        Download, read browse thoroughly a contract and underwrite it without fail.
        Tell us the closest Walmart shop to you. Specify the exact address. Five shop are max.
        In underwriting this employment offer, you confirm that your work will be on at-will basis and waive any complaints against MarketPlace Force Shop and its staff.

        About MarketPlace Force Shop:
        Our corporation is drawn in collaboration with other corporations to make better grade on an international scale by applying anonymous resources. We work in a team with over 300 businesses world-wide. Our main work includes marketing and cooperation with merchandising firms, private investigation companies, training organizations and other establishments that are drawn in Secret Shopper services. Our member corporations deal with their consumers in order to ascertain the medium of modernizing level of service industries.

        Regards Best wishes

        • admin says:

          1. If that email address was linked to your Citi-issued Home Depot Card, you might want to call Citi and tell them what happened and ask why you hadn’t been notified – and that maybe they need to notify more people, etc. It sounds like you spoke to Home Depot, but it was Citi that sent out the notifications about Home Depot cards/email addresses.

          2. To all readers: if you get an email alert/notice – learn to check the headers and path of incoming email so you can determine if the email is really from the person in the “From:” line. If in doubt, look up the phone number of the company or use the phone number on your credit card to call them – not any phone number given in an email.

          3. Your other email sounds like a scam/phishing attempt. Unless it was linked to a breached email address, it’s hard to know why you got it now, but you were wise not to respond to it.
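
The header check recommended in point 2 above, as an added example (not code from this blog or from any commenter): it reads a constructed message in which a bulk-mail host is the envelope sender for a brand's "From:" address, the same shape as the "on behalf of" sender quoted in a later comment. All hosts, addresses and function names are made up for illustration, and the two-label organizational-domain comparison is a simplification (a real check uses the Public Suffix List).

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample, not a real message: every host and address is a placeholder.
SAMPLE = """\
Return-Path: <bounce-rewards=shop.example@bulkmail.example.net>
Authentication-Results: mx.recipient.example;
\tspf=pass smtp.mailfrom=bulkmail.example.net;
\tdkim=pass header.d=bulkmail.example.net
Received: from out7.bulkmail.example.net (out7.bulkmail.example.net [198.51.100.7])
\tby mx.recipient.example with ESMTP id def456; Thu, 7 Apr 2011 09:07:38 -0400
Received: from internal.bulkmail.example.net (internal.bulkmail.example.net [10.0.0.5])
\tby out7.bulkmail.example.net with ESMTP id abc123; Thu, 7 Apr 2011 09:07:37 -0400
From: "Shop Rewards" <rewards@shop.example>
To: user+shop@recipient.example
Subject: Your quarterly rewards statement
Date: Thu, 7 Apr 2011 09:07:36 -0400

Body text.
"""


def domain_of(header_value):
    """Lower-cased domain of the address in a From:/Return-Path: value."""
    return parseaddr(header_value)[1].rpartition("@")[2].lower()


def org_domain(domain):
    """Simplification: treat the last two labels as the organizational domain."""
    return ".".join(domain.split(".")[-2:])


def handoff_host(msg, trusted_mx):
    """Host that delivered to our own MX. Only the Received: line written by
    a server we control is trustworthy; earlier hops are sender-supplied."""
    for hdr in msg.get_all("Received", []):
        m = re.search(r"from\s+(\S+).*?\bby\s+(\S+)", str(hdr), re.S)
        if m and m.group(2).lower() == trusted_mx:
            return m.group(1).lower()
    return None


def authenticated_domains(msg, trusted_mx):
    """Domains with spf=pass or dkim=pass, read only from the
    Authentication-Results header stamped by our own MX."""
    passed = set()
    for hdr in msg.get_all("Authentication-Results", []):
        authserv, _, rest = str(hdr).partition(";")
        if authserv.strip().lower() != trusted_mx:
            continue  # written by someone else: the sender could have forged it
        for _method, verdict, prop in re.findall(
                r"\b(spf|dkim)=(\w+)[^;]*?(?:smtp\.mailfrom|header\.d)=([^\s;]+)",
                rest):
            if verdict.lower() == "pass":
                passed.add(prop.lower().rpartition("@")[2])
    return passed


def assess(raw, trusted_mx):
    """Summarize who verifiably sent the message versus who From: claims."""
    msg = email.message_from_string(raw, policy=policy.default)
    from_dom = domain_of(str(msg["From"]))
    passed = authenticated_domains(msg, trusted_mx)
    return {
        "from_domain": from_dom,
        "envelope_domain": domain_of(str(msg.get("Return-Path", ""))),
        "handoff_host": handoff_host(msg, trusted_mx),
        "authenticated": sorted(passed),
        # True only if a passing SPF/DKIM domain belongs to the From: organization
        "from_is_authenticated": any(
            org_domain(d) == org_domain(from_dom) for d in passed),
    }


if __name__ == "__main__":
    for key, value in assess(SAMPLE, "mx.recipient.example").items():
        print(f"{key}: {value}")
```

For mail sent through an email service provider, an envelope sender that differs from "From:" is normal; what matters is whether any passing result covers the "From:" domain, and here none does, so the headers vouch only for the bulk-mail host.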

  2. Adrian Ball says:

    The British press were also reporting that Play.com and Tripadvisor are customers of Epsilon.

    • admin says:

      Then with all due respect to the British press, I think they’ve erred. As far as I know, Play.com uses SilverPop, while TripAdvisor.com uses ExactTarget.

      If I’m wrong, I hope Neil Schwartzman of CAUCE jumps in to correct me as I need a scorecard by now to keep all of the client-ESP relationships and breaches straight! Or even better, maybe Play.com, TripAdvisor.com, SilverPop, and/or ExactTarget will jump in if I’ve unintentionally erred.

      Note that I’m not saying that Play.com and TripAdvisor.com haven’t had recent breaches. They have. I just don’t see any evidence that those breaches are Epsilon-related.

  3. Data Guy says:

    Epsilon was part of Equifax until the data part of the business was bought/sold.
    This could be worse than you want to think about.

    • admin says:

      True, but until forensics are in, we really don’t know whether this was “just” names and email addresses, either, do we?

      • Maggie says:

        It is NOT just email addresses as I found out today. I would like accountability as well. I am furious at this mess and lack of security measures as well as the complete STRESS this has caused me now that my BANK called to say they had to shut down my card due to fraudulent activity apparently from this mess at Epsilon. All the companies that were involved having my email sent me emails about this breach. Even more furious that all the emails say only my email was affected NOT any financial information which is TOTALLY FALSE! I received a call from my bank as well as sister from a totally different bank that they had to close our debit/credit cards due to fraudulent activity from Portugal and Oklahoma immediately after I was notified of Epsilon having my emails breached by several of their companies. Be aware that your credit cards have been breached.

        • admin says:

          What/which bank called you? Was this a store-branded credit card? If so, which store?

          • Maggie says:

            Citadal and TD Bank called my sister and I with this type of activity. Both of us previously received emails from companies about Epsilon and getting our emails.
            If it helps: Two of charges (and the bank said A LOT of other members) are mostly seeing charges from Portugal and Oklahoma. The charge from Portugal was only for $69 so they are thinking if it’s not large people won’t notice. It was from a company named Asaberas according to the bank. The OK. charge was from a place called the Cliff for slightly more money. If anyone has similar charges, please comment. I am going to report this to Epsilon as well as I have been calling all the companies affiliated with my account information to notify them as well. This is no coincidence.

            • admin says:

              I know you may not want to hear this, but what you’re describing could be simply a merchant breach – like a hack of a restaurant or retailer – or even ATM skimmers at gas stations. I’ve had reports from a few areas around the country where we don’t know where the breach was yet but there have been a number of fraud reports. If you want, email me privately and tell me what city/state or part of the country you’re in and I’ll let you know if there are other reports from your area that pre-date the Epsilon breach. Or you could search the rest of DataBreaches.net for your state to see if I’ve recently reported any breaches.

              • Maggie says:

                Thank you for the info but I believe this is due to this breach. This was NOT a store branded credit card.
                This is too much of a coincidence that both my sister and I received emails re: Epsilon from companies we deal with then two different banks for each of us called us with these fraudulent charges right after this happened. If anyone else has charges from Portugal, please let me know. I will find out if this is from Epsilon. Keep an eye on your charges.
                I was informed there are a lot of consumers with the same charges, that is how they had it flagged and called me before it hit my account.
                I am outside of Philadelphia, PA.
                Do you work for Epsilon? I ask since you say “you get reports from areas around the country where WE (plural) don’t know where the breach was yet”. Your signature “admin” gives me the impression you work for a company that is dealing with this breach?

                • admin says:

                  Do I work for Epsilon?! Surely you jest. The “admin” means that I am the administrator of THIS blog, DataBreaches.net, a non-commercial blog set up to inform the public, researchers, and interested policy makers about breaches going on all over on a daily basis.

                  The “we” refers to me and people in other organizations who also get reports of, tips about, and track data breaches. I’m a curator for, and researcher for, the Open Security Foundation/DataLossDB project (http://datalossdb.org) and network with the Identity Theft Resource Center and others. Sometimes we get leads or hear things that do not get posted publicly because there’s not enough details or information yet and we may check around with each other to find out if anyone knows anything more. If you were a regular reader of this blog, you’d see that there are often media reports about a rash of card fraud where cards are being used outside of the consumer’s state or country. The media reports the rash of breaches even though law enforcement locally and nationally has not yet figured out what the common point of compromise was in the breach. I’m just pointing out that your situation may be one of those situations.

                  There have been a lot of people claiming all kinds of things in the aftermath of the Epsilon breach. Some of them may be correct in attributing it to the Epsilon breach, but many of them may just be attributing other breaches to Epsilon.

                  Timing isn’t everything. Some things are coincidences. Breaches go on all of the time. Maybe eventually you’ll learn whether what you experienced really does flow from the Epsilon breach. If you do, I hope you’ll let us know. For now, though, I just want people to keep in mind that not all spam and not all card fraud and not all phishing attempts are due to Epsilon, who have a heck of a lot to answer for even without these reports.

  4. Janie says:

    I found an e-mail in my spam box that I haven’t seen before from Express Delivery, I don’t know if it has to do with this, but I didn’t see them on the list and thought I would post it just in case, it came with an attachment to download (which I did not)–

    from–
    ExpressDelivery system

    Dear customer

    The parcel was sent your home adress
    And it will arrive within 10 business days

    More information and the tracking number
    are attached in document below.

    Thank You

    © Delivery Express 1995-2011

    • admin says:

      Phishing attempt yes, but it’s hard to know whether something is truly linked to any specific breach or source unless the email was sent to an email address that the consumer used for one – and only one – store or merchant.

      • David Leers says:

        I’ve received “ExpressDelivery” phish prior to the Epsilon Breach, so there’s no connection there. It’s also probably not unreasonable to assume that phishing attempts which stem from the recently leaked Epsilon data would more aggressively use some of the data at their disposal (i.e., addressing you by name and posing as one of Epsilon’s affected clients).

  5. Rob says:

    The USPS should also be on this list. I received a similar email as Janie for a package that I didn’t order.

    • admin says:

      USPS should not be on this list. This list is for entities affected by the Epsilon breach – not for all garden-variety phishing attempts. Let’s keep the purpose of this list in mind, please. :)

  6. Jeff Mathis says:

    This is a RBC Bank rewards Phishing email. The link you posted to send an email to report the phishing attack is invalid. I.E. phishing-report@us.cert.gov It was returned undeliverable…

    Here is the sender info from the email…

    RBC Rewards [RBCSupport=rbcbankusarewards.com@mcsv158.net]; on behalf of; RBC Rewards [RBCSupport@rbcbankusarewards.com]

    I have never received a quarterly RBC rewards email before yesterday…

    • admin says:

      The correct(ed) email address to report a phishing attempt is phishing-report@us-cert.gov. Sorry for the typo in the address.

      I haven’t seen RBC Rewards listed anywhere as being involved in the Epsilon breach. If you see anything like that, please let me know.

  7. Sean says:

    I love that in the notifications that were received we were advised on how to keep our data safe. Wouldn’t it have been better to include some detail on how THEY were going to keep our data safe?

    • Maggie says:

      I can’t agree more. They are responsible for this. As I said earlier… technology changes too quickly before they update security measures.

  8. Rick M says:

    This sharing of information probably falls within the Privacy policies of these companies. They’re all a little different, but very similar. I, of course, can’t keep up with each company’s policy and sometimes you can opt out of some of the info sharing, but I think it’s more on the marketing side. My understanding is that Epsilon does some type of data processing for these companies and probably the only way to avoid them would be to not do business with these companies. That being said, then you go to another company and I’m sure the same potential probably exists there, as well.

    • prowse! says:

      Sharing which companies are affected and sharing the emails/names are entirely two different things. THE FORMER NEEDS TO BE DISCLOSED.

  9. David Leers says:

    We have a petition going demanding accountability from Epsilon, et al. regarding this whole mess at epsilonbreach.com.

  10. Savannah says:

    I received a letter from Buckle as well.

  11. dose says:

    What about guys who have registered in the casinos online, are they also affected? ’Cause I have registered my credit card in one of them and my identity to many of the casinos. Will they breach the information?

    • admin says:

      I haven’t seen anything that lists any casino clients. Of course, Epsilon hasn’t disclosed exactly which clients are affected and whom they notified. It’s possible that they notified a company that decided not to notify its customers. That said, Epsilon insists that the only data acquired were the name and email address associated with it.

  12. admin says:

    Thanks but that’s already on the list.

  13. Douglas Berson says:

    I am frustrated by this breach of privacy. Who even knew that they had access to this information from so many companies. I have received multiple emails from CollegeBoard, Chase, and Scottrade about this and it is scary and troubling. I wish everyone affected would download the ComplainApp from http://www.complainapp.com or the android marketplace and let Epsilon know what they think about it.

  14. MS says:

    You can add two more to this list. I got notices today from M&T Bank and Quality Health.

  15. prowse! says:

    You might want to add livestream.com to the breach list.

    Quite possible that (livestream.com) may be handled by the same sub or Epsilon directly. Got an email today for their “Spring Cleanup” but the links in the email are identical, dead, and the domain name is :

    list-manage.com

    the full link:

    http://livestream.us1.list-manage.com/track/click?u=75fxxhghb40xxxxxxx3xxx42xxxxx=127xxxxx&e=03c0bcxxxd

    xxxx’s were added just in case those numbers could be used in the wrong way.

    Also, other than having the email and username correct (also taken out for possible security reasons), the links provided are identical (carbon credits and spring cleanup are identical, too), links are all dead, too. NO mention anywhere in the site for this new Spring Cleanup as it is called. No mention nor concern in their forum. No messages from the admin or the company – something this important one would think a mass internal account email would have been part of the push, if true.

    livestream is pretty big, and I can see some validity and logic in requiring just what the email asks for, however no mention anywhere on their site is too odd.

    • admin says:

      You’re the first to mention them. That tracker ID doesn’t work because of the redaction. Could you possibly post the text of the email you rec’d with the date of their email to you? Omit your name and email address, of course.

  16. prowse! says:

    OK, I traced it back to MailChimp. Perhaps they too are breached?

    • admin says:

      MailChimp? That’s interesting if you were using a vendor-specific email address, as it seems you were from another one of your comments. As I mentioned, the url you provided doesn’t work due to the redaction. Could you either post what you got (redact your name but leave any +tag unless it reveals your identity), include the date and their message and sig.

      There have been a number of breaches involving ESPs. MailChimp is not among the names I’ve seen mentioned, but it’s worth checking into, certainly.

  17. prowse! says:

    Please however, keep in mind, the email sent did have our correct username and exact email (normalstring+extrastring@live.com)

  18. CalperniaUSA says:

    I did some digging due to the email notifiers I was getting and there are more clients that Epsilon hasn’t publicly admitted to:

    http://defendourfree…nformation.aspx
    Epsilon and Personal identifying Information

    http://defendourfree…of-epsilon.aspx
    Reed Elsevier is a Customer of Epsilon

    http://defendourfreedoms.net/2011/04/07/another-customer-of-epsilonâ€�“equifax.aspx
    Another Customer of Epsilon is Equifax

    From reading their press releases on these other clients, Epsilon does telecommunication contacts as well as direct mailing. So that means they have more than emails and names. They also had some joint releases with their parent, Alliance Data. Alliance Data works with FirstData in payment and billing processing. If that is a shared database with Epsilon, then they have financials. Epsilon’s TotalSource Plus database software system says it is a centralized database. Software description posted here: http://defendourfreedoms.net/2011/04/09/epsilons-total-source-database.aspx

    • admin says:

      Epsilon has many clients, but they’ve said that only a small percent of their clients were affected by this breach. If you know of specific clients that were affected by the breach that have not been included in the list I have compiled, let me know, but with over 2,000 clients, just mentioning who their other clients are doesn’t really add anything. Similarly, there’s no doubt that these other databases exist, but Epsilon and ADS deny that they were breached. Do you have any indication that they have been breached?

      • CalperniaUSA says:

        I have no indication that anything more happened than what they stated. I have personal knowledge of how database bases in general work and my point of posting their information on the TotalSource Plus software they use to manage their data counters what they have said publicly. So my posts are for all of us to take that under advisement. Their information says their data is centralized. That means the mailing is not a separate database.

  19. Another Epsilon Msg says:

    How many more do you think have been affected by the breach?

    Please add Polo Ralph Lauren to your Epsilon-breach list.
    Just got this email msg, Wed. April 13, 2011, 8:40PM from Ralph Lauren Customer Assistance:
    ============================================================================================
    From: Ralph Lauren Customer Assistance
    Subject: Important Message from Polo Ralph Lauren
    Date: Wednesday, April 13, 2011, 8:40 PM

    RALPH LAUREN CUSTOMER ASSISTANCE
    If you cannot view this message, click here.

    To our valued customers,

    Polo Ralph Lauren’s former email service provider, Epsilon, recently informed us that an unauthorized third party gained access to an Epsilon email application and obtained names and email addresses of Polo Ralph Lauren customers. We have been informed by Epsilon that the company took immediate action to address the system vulnerability and is working with the U.S. Secret Service to investigate. We regret that you may have been affected by this.

    Epsilon has assured us that no information other than name and email address was acquired by the unauthorized third party. No payment card information or Polo Ralph Lauren account information were acquired as a result of this incident. Nevertheless, we strongly encourage you to remain vigilant when reviewing emails that you receive, particularly emails that request sensitive personal or financial information. We take our obligation to safeguard your personal information very seriously and, therefore, we are alerting you so you can take steps to protect yourself.

    Consider these tips to help protect your personal information online:

    • Do not provide sensitive personal or financial information using email. Email is not a secure method for transmitting such information. Please be aware that Polo Ralph Lauren does not send emails to its customers with a request to provide or verify sensitive personal or financial information.

    • Do not open emails from senders you do not know.

    We hope this information is useful to you and regret any inconvenience this may cause you. Please do not hesitate to contact our customer service center at CustomerAssistance@RalphLauren.com if you have any questions at all.

    Sincerely,

    Ralph Lauren Customer Assistance
    Privacy Policy

    RalphLauren.com is a trademark of PRL USA Holdings, Inc.

    This e-mail was sent by Polo Ralph Lauren Corporation, headquartered at 650 Madison Avenue, New York, NY 10022.

    Please address questions regarding our privacy policy to our Chief Privacy Officer, 625 Madison Avenue, Floor 8, New York, NY 10022.

  20. Is this a result of the Epsilon Breach? says:

    Does anyone know if this is a phishing attempt from the Epsilon breach?

    I sent a msg to Hilton about “anything@example.com” (see below), because I’m not sure if it’s a legitimate auto-response email address for “Forgot password?” on the Hilton website. So far, I haven’t heard back from Hilton.

    After I received the Epsilon-breach msg from Hilton Honors, I received email messages about signing up for Bonus Points. I forgot my password, since I don’t sign-in often. Below are the auto-response messages that I received after entering my username and email address into a form that automatically appears after I clicked on “Forgot password?” on the Hilton.com site.

    Unread | anything@example.com | Password Request | Tue, 4/12/11 | 6KB
    Unread | anything@example.com | Password Request | Tue, 4/12/11 | 6KB
    Read | hiltonnet@hiltonres.com | Password Request | Tue, 4/12/11 | 6KB
    Read | Hilton HHonors | 1,000 extra Bonus Points every night you’re our guest | Tue, 4/12/11 | 16KB

    I want to make hotel reservations, but I’m afraid (after I requested my password on the Hilton site) that my password and personal info on the Hilton site have been obtained by whoever/whatever is behind the Epsilon breach. I’m hoping someone can tell me that I shouldn’t be afraid or concerned. Please let me know if you were me if you would use your Hilton Honors username and password on the Hilton site to make reservations. Thank you.

    • admin says:

      If you went to the site on your own instead of clicking on a link in an email and saw the promotion on Hilton’s site and clicked on that link, it’s not likely to be a phishing attempt. But as to your concern about the peculiar auto-responder addresses: when in doubt, pick up the phone and call them to conduct a transaction.

      Your experience is pointing out yet more of the damage that the Epsilon breach has done in terms of consumer trust. How many businesses may be losing money because people are afraid to respond to emails….