Target "acquires data"


It was our priority to inform as many guests as quickly as possible. Relevant emails were pulled from a variety of sources.

It looks like Target is mailing data that was never given to them in an effort to “inform” customers of the data breach.
There are lots of problems with how Target is managing this email campaign. The first is in delivery. They’re hitting thousands of traps on one small part of dedicated traps at Spamhaus. They’re also blocked at Spamcop and have hit over 70 traps in the last 24 hours. Senderscore shows the IP has almost 100 trap hits as well, and a high unknown user rate.
On top of that, when we called the number Target gave us in the email, the phone rep told us that the address the mail was sent to was not in the Target database. Thus, she concluded, that the mail was actually a phishing email. Now, I don’t believe it was a phish, I think it was legitimate. But you can’t have your front line folks answering the phone telling people the mail you sent out was phishing.
There are a number of other problems with this mailing, that we’re still cataloging and will report on next week.
Overall, though, the email handling of this notification was a total failure on Target’s part.

About the author


This site uses Akismet to reduce spam. Learn how your comment data is processed.

  • The ESP behind this should be exposed. They may be legally culpable and they really need to step up here.

  • Strange indeed. I was wondering how / why they e-mailed me. I didn’t shop in the store during their breach. I never signed up for their newsletters or shopped online with them. There is no way they have my e-mail in their database.

  • The ESP is Bigfoot Interactive / Epsilon. That wasn’t hidden in the original post, but was pointed out this morning.

  • Laura, do I understand correctly that you are suggesting Target hired an email appender? Certainly your experience and that of Matt Soreco suggests it. If they did, then Target spammed those notices about its data breach. :/ I’ve been traveling for a few days and have not checked my spamtraps. I will do so when i get home…. I cannot imagine a more irresponsible, idiotic action that spamming users after a data breach, though. How are users to tell legitimate emails from phishes?

  • I think that hiring an email appender is one of the few stupid things that Target didn’t do. Instead, I think they’re sending this mail to every email address they’ve ever had access to, whether they had any actual relationship with it or not.

  • Gotcha, Steve. I posted an update to my blog. They mailed a REALLY dirty list, in any event — I found several dozen spamtrap hits when I searched all days for this stuff. :/

By laura

Recent Posts


Follow Us