Brookstone is notifying customers that their email service provider was compromised. Although not named in the email notice, the timing of this suggests that it may be Epsilon. I had contacted Epsilon earlier this evening to inquire whether they would just disclose a list of affected clients, but they had declined to do so. A site reader sent this to DataBreaches.net:
From: Brookstone
Date: Fri, Apr 1, 2011 at 8:20 PM
Subject: An important announcement for Brookstone e-mail customers
To: [redacted]*++++++++++++Important E-Mail Security Alert++++++++++++*
Dear Valued Brookstone Customer,
On March 31, we were informed by our e-mail service provider that your e-mail address may have been exposed by unauthorized entry into their system. Our e-mail service provider deploys e-mails on our behalf to customers in our e-mail database.
We want to assure you that the only information that may have been obtained was your first name and e-mail address. Your account and any other personally identifiable information are not stored in this system and were not at risk.
Please note, it is possible you may receive spam e-mail messages as a result. We want to urge you to be cautious when opening links or attachments from unknown third parties.
In keeping with best industry security practices, Brookstone will never ask you to provide or confirm any information, including credit card numbers, unless you are on our secure e-commerce site, Brookstone.com.
Our service provider has reported this incident to the appropriate authorities.
We regret this has taken place and for any inconvenience this may have caused you. We take your privacy very seriously, and we will continue to work diligently to protect your personal information.
Sincerely,
Brookstone Customer Care
**
****************************************************************************************************
To speak to a Customer Service representative, call 800-926-7000.Brookstone Customer Service
1 Innovation Way
Merrimack, NH 03054
****************************************************************************************************
Update: Brookstone subsequently confirmed its breach notice was Epsilon-related.