The damage yet to be realized from the Epsilon Data Management breach, in which 250 million consumers’ names and e-mail addresses were compromised, has the potential to be staggering.
With 2500 client customer databases residing on their servers, Epsilon likes to characterize itself as the world’s premier email marketing service. Since they are responsible for over 40 billion (generally unwanted) emails annually, I tend to characterize Epsilon less favorably.
To this point, all of the companies involved in this breach (and the list is growing daily) are aggressively making the point that customer financial and confidential information remains secure – and has not been stolen. However, in a cover-their-ass move, many of the affected companies slip in a caveat – “based on everything we know”, or words to that effect.
Now, if one fell off the turnip wagon yesterday, that response might seem acceptable, or even encouraging. Personally, I’ll be guided by what experience has taught me in relation to situations such as this; and that is – there’s a very good chance that what we’re seeing today is no more than the tip of the iceberg.
In the short term we can expect the following:
The incidence of targeted spam (since names, addresses, and most importantly, company affiliations are available) is sure to rise dramatically, with a corresponding increase in malware-laden email.
Based on the same information accessibility, spam phishing attempts will move up the list of cybercriminals’ preferred scams. Unfortunately, the success ratio is likely to increase dramatically.
Long-term impact has yet to be determined with any accuracy – but, since the type of companies impacted by this breach tend to operate in the Twilight Zone when it comes to safeguarding their customers’ privacy, heightened vigilance on the Internet, particularly not responding to unsolicited emails, takes on a new urgency if you are one of those who has had previous, or current, dealings with any of the affected companies.
Quick questions: Why wasn’t this enormously sensitive customer information encrypted? Have things gone so far that we need to legislate common sense?
Internet security provider Kaspersky has put together a list of the companies impacted by Epsilon’s data breach which is worth reviewing – if you’re unsure of a relationship with an affected company.
From Kaspersky Lab’s Threat Post:
The number of companies that was affected by the attack on online marketing firm Epsilon Data Management has continued to grow, virtually by the hour.
Many retailers, banks and other firms sent out notification letters to their customers on Monday, and to help you keep track of who’s affected, we’ve compiled a list of known companies victimized by the Epsilon attack.
There are likely to be even more companies that send out breach notification letters in the coming days, so check back for updates. Here is a list of companies known to have been affected so far: List of Companies Hit By Epsilon Breach.