Shop at Best Buy? Security Breach May Have Leaked Your Info

BestBuy Reward Zone

Make sure your scam and spam filters are on high alert if you have shopped with Best Buy. I just received an e-mail informing me that my e-mail address may have been stolen.

Update: In the comments, ruwackd is reporting similar e-mails have been sent to TiVo and Disney customers.

Dear Valued Best Buy Customer, 

On March 31, we were informed by Epsilon, a company we use to send emails to our customers, that files containing the email addresses of some Best Buy customers were accessed without authorization. 

We have been assured by Epsilon that the only information that may have been obtained was your email address and that the accessed files did not include any other information. A rigorous assessment by Epsilon determined that no other information is at risk. We are actively investigating to confirm this. 

For your security, however, we wanted to call this matter to your attention. We ask that you remain alert to any unusual or suspicious emails. As our experts at Geek Squad would tell you, be very cautious when opening links or attachments from unknown senders. 

In keeping with best industry security practices, Best Buy will never ask you to provide or confirm any information, including credit card numbers, unless you are on our secure e-commerce site, If you receive an email asking for personal information, delete it. It did not come from Best Buy. 

Our service provider has reported this incident to the appropriate authorities. 

We regret this has taken place and for any inconvenience this may have caused you. We take your privacy very seriously, and we will continue to work diligently to protect your personal information. For more information on keeping your data safe, please visit: 




Barry Judge 

Executive Vice President & Chief Marketing Officer 

Best Buy


  • I received this as well, but

    I received this as well, but unfortunately it isn’t just Best Buy customers who need to be concerned as I received almost an identical email from Tivo and Disney as well.


  • It’s not just these, Epsilon

    It’s not just these, Epsilon serves TONS of customers.  Kroger, Target, Hilton, Marriott, Citibank, US Bank, and many others. I just received an email from Hilton this afternoon.

  • Chase as well.  I’ve received

    Chase as well.  I’ve received at least 15 e-mails from services that use them.  I am honestly not very concerned with it.

    What I’d love to see is a list of Epsilon customers to see which ones haven’t notified me.  That I would be pissed about.

    • I’m not too worried about it

      I’m not too worried about it either, but it does make targeted phishing attacks that much easier if the attacker knows you do business with a particular company and can then craft a legitimate looking scheme.

      If I am not mistaken, institutions are required by law to notify you within a certain amount of time if your personal information has been comprimised. This may vary by state though.

  • I got one in the mail today. 

    I got one in the mail today.  I trashed it out of habit (assumed it was spam or just junk mail from the company) but it fished it back out to read it after seeing the breach info on news sites.  Not really worried, with the way my accounts are set up they’d have a very hard time fishing me off my email.  Now if they had my home mailing address they might create a bit more trouble for me.

  • I got an e-mail from Tivo,

    I got an e-mail from Tivo, Inc., over the weeked informing me of the Epsilon breach.  Epsilon also services JPMorgan Chase, as well as many others, who happens to handle my corporate VISA card.  I’ll be interested to see how this pans out in the long run.

  • I’ve gotten about 6 of these

    I’ve gotten about 6 of these emails the past few days. Apparently everyone uses Epsilon haha.

  • George L. Schmauch Jr.

    That explains how all the

    That explains how all the other companies get our data.  “We only share your information with TRUSTED partners [like the company which sends marketing materials for the entire industry].”  😉

  • This is just insane, now

    This is just insane, now internet community won’t have a peace of mind for quite a while unless something is done. I can’t help being paranoid myself, as my e-mail address was also currently being mailed with spam messages after receiving a legit-looking mail from some victim companies. Yell You can easily find the list of companies that got in this mess because of Epsilon security breach through search engines, but the baffling thing is that the list continues to get longer. I found some related article here: Epsilon database hack exposes million to phishing attacks. Ugh, someone trace those darned hackers down!

  • George L. Schmauch Jr.

    Sadly, nothing will be done

    Sadly, nothing will be done about this.  There’s far too much money being sent to DC by these huge corporations to ever hope something will be done.

  • Gmail does such a good job at

    Gmail does such a good job at filtering spam that I’m not really concerned. I can’t remember the last time an email actually got through, and I already get tons a day so what’s a few more 😉

  • +1 for gmail. Every few

    +1 for gmail. Every few months I feel the need to click on the spam folder and delete the thousands of messages in there. I actually got a few of the Epsilon emails from accounts I thought were long gone, e.g. Blockbuster.

  • All i was hearing is about

    All i was hearing is about SOPA and PIPA. Now the content has declared as intlectual property and you cannot use it for spaming.