BLOG

Target “acquires data”

It was our priority to inform as many guests as quickly as possible. Relevant emails were pulled from a variety of sources.
@AskTarget

It looks like Target is mailing data that was never given to them in an effort to “inform” customers of the data breach.

There are lots of problems with how Target is managing this email campaign. The first is in delivery. They’re hitting thousands of traps on one small part of dedicated traps at Spamhaus. They’re also blocked at Spamcop and have hit over 70 traps in the last 24 hours. Senderscore shows the IP has almost 100 trap hits as well, and a high unknown user rate.

On top of that, when we called the number Target gave us in the email, the phone rep told us that the address the mail was sent to was not in the Target database. Thus, she concluded, that the mail was actually a phishing email. Now, I don’t believe it was a phish, I think it was legitimate. But you can’t have your front line folks answering the phone telling people the mail you sent out was phishing.

There are a number of other problems with this mailing, that we’re still cataloging and will report on next week.

Overall, though, the email handling of this notification was a total failure on Target’s part.

8 comments

  1. Anna Brenton says

    The ESP behind this should be exposed. They may be legally culpable and they really need to step up here.

    1. laura says

      The ESP is Bigfoot Interactive / Epsilon. That wasn’t hidden in the original post, but was pointed out this morning.

  2. Matt Soreco says

    Strange indeed. I was wondering how / why they e-mailed me. I didn’t shop in the store during their breach. I never signed up for their newsletters or shopped online with them. There is no way they have my e-mail in their database.

  3. Catherine Jefferson says

    Laura, do I understand correctly that you are suggesting Target hired an email appender? Certainly your experience and that of Matt Soreco suggests it. If they did, then Target spammed those notices about its data breach. :/ I’ve been traveling for a few days and have not checked my spamtraps. I will do so when i get home…. I cannot imagine a more irresponsible, idiotic action that spamming users after a data breach, though. How are users to tell legitimate emails from phishes?

  4. Target Spams Email Appended List with Data Breach Notice » MainSleaze says

    […] was traveling, but Laura Atkins at Word to the Wise blogged about her experience receiving this email. Several antispammers that I know reported seeing the spam in their spamtrap […]

  5. steve says

    I think that hiring an email appender is one of the few stupid things that Target didn’t do. Instead, I think they’re sending this mail to every email address they’ve ever had access to, whether they had any actual relationship with it or not.

  6. Catherine Jefferson says

    Gotcha, Steve. I posted an update to my blog. They mailed a REALLY dirty list, in any event — I found several dozen spamtrap hits when I searched all days for this stuff. :/

  7. Syed Alam says

    Oh come one, somebody help them 🙂

Comment:

Your email address will not be published. Required fields are marked *

  • OTA joins the ISOC

    The Online Trust Alliance (OTA) announced today they were joining forces with the Internet Society (ISOC). Starting in May, they will operate as an initiative under the ISOC umbrella. “The Internet Society and OTA share the belief that trust is the key issue in defining the future value of the Internet,” said Internet Society President and CEO, Kathryn Brown. “Now is the right time for these two organizations to come together to help build user trust in the Internet. At a time when cyber-attacks and identity theft are on the rise, this partnership will help improve security and data privacy for users,” added Brown.No Comments


  • Friday blogging... or lack of it

    It seems the last few Friday's I've been lax on posting. Some of that is just by Friday I'm frantically trying to complete all my client deliverables before the weekend. The rest of it is by Friday I'm just tired. Today had the added complication of watching the Trumpcare debate and following how (and how soon) it would affect my company if it passed. That's been a bit distracting, along with the other stuff I posted about yesterday. I wish everyone a great weekend.1 Comment


  • Indictments in Yahoo data breach

    Today the US government unsealed an indictment against 2 Russian agents and 2 hackers for breaking into Yahoo's servers and stealing personal information. The information gathered during the hack was used to target government officials, security employees and private individuals. Email is so central to our online identity. Compromise an email account and you can get access to social media, and other accounts. Email is the key to the kingdom.No Comments


Archives