The Better Business Bureau is warning businesses and consumers to beware of potentially malicious e-mails stemming from one of the biggest security breaches in U.S. history.

Epsilon, an online marketing unit of Alliance Data Systems Corp, announced that information obtained by hackers was limited to client names and e-mail address.

The breach could impact the customers of some of the nation’s largest retailers and banks including: Best Buy, Kroger, Walgreens, JPMorgan Chase, and Capital One. Information obtained may be used in e-mail phishing attacks targeting unsuspecting customers for credit card numbers and social security verification.

“It’s fairly common for identity thieves to impersonate credible organizations with what appears to be legitimate email messages seeking to verify account information,” said Steve J. Bernas president and CEO of the Better Business Bureau serving Chicago and Northern Illinois. “Along with attempting to get personal information phishing attacks are often the source of potentially harmful computer viruses.”

The BBB recommends the following procedures to avoid becoming a victim of identity theft:
Never provide personal or financial information to anyone who contacts you without verifying who they are. If you have reason to think you have been contacted by a company or bank that you have a relationship with, pull out your original documentation and contact them using the phone numbers or Web sites that are listed on your contract or statement.

Never give personal information, including Social Security, bank or credit card numbers, over the phone or via e-mail to an unknown telemarketer, or anybody else without a specific need to know.

Legitimate businesses do not send e-mails claiming problems with an order or an account. If a consumer receives such an e-mail, the BBB recommends placing a call to the contact number on the Web site where the purchase was made to confirm that there really is a problem with the transaction or account. Always verify the Web site you are on is genuine.

If you receive an e-mail from a company with whom you do business with and need assistance in determining whether or not it is legitimate, contact the BBB directly at

For more advice on how to protect yourself or your business from malicious online attacks and data breaches visit