Tuesday, April 5, 2011

Data Security Breach Impacts Major Companies (and Millions of Consumers)

Dallas-based Epsilon, the marketing services firm that had a security breach involving consumer e-mails, is not disclosing which companies were involved in the fiasco. Reports indicate that up to 50 firms were impacted, including the financial giants JPMorgan Chase and Capital One.

Yesterday, my inbox was full of apologies from major companies (all pointing a finger at Epsilon) such as Hilton, Walgreens, Best Buy, Disney, Eddie Bauer, and The Kroger Company.




According to Rik Ferguson, director at security software vendor Trend Micro, I should be worried.  Here is what Rik wrote in his blog:
"Not only do the criminals know your name and email address, they know where you go shopping, where you bank, which hotels you stay at and much more. If you are unfortunate enough to have received multiple notifications, just imagine what kind of profile is now in criminal hands."

News reports indicate how common this type of marketing outsourcing is in the industry. Many companies hand over their customer data to a third-party specialist and say, "here, you take care of this for us." Knowing that, hackers have an easier target; they can go after the little services providers instead of the big guys. Instead of just getting one firm's data, they can snag fifty at a time.

Some experts think that this Epsilon event may change the way companies outsource their marketing mass mailings. See ComputerWeekly for an article.

Just imagine the potential value the hacker sees in obtaining the e-mail addresses of every consumer of dozens of the U.S.'s major firms.

Data is valuable and thieves steal valuable things. They then sell it to other crooks who intend to make money off of the stolen merchandise. At some point, their money-making scheme might involve contacting the stolen e-mail recipients and trying to get access to their money.

Hopefully, you use an e-mail provider that is very adept at identifying scams such as phishing. However, with a complete profile of your buying habits, the crooks can now "spear-phish," a term used for a type of phishing scheme that goes after a targeted victim. If you were an Epsilon multiple victim like me, you will need to be personally vigilant against a targeted scam.

Reuters provides some things to do to prevent being a victim.

This should also be a warning to you about the data you store for Business Intelligence. It is valuable and you need to implement the proper safeguards to protect it from unauthorized access. 

1 comment:

sherlina s said...


Hi, probably our entry may be off topic but anyways, I have been surfing around your blog and it looks very professional.

Security Companies in India

About Me

My photo

I am a project-based software consultant, specializing in automating transitions from legacy reporting applications into modern BI/Analytics to leverage Social, Cloud, Mobile, Big Data, Visualizations, and Predictive Analytics using Information Builders' WebFOCUS. Based on scores of successful engagements, I have assembled proven Best Practice methodologies, software tools, and templates.

I have been blessed to work with innovators from firms such as: Ford, FedEx, Procter & Gamble, Nationwide, The Wendy's Company, The Kroger Co., JPMorgan Chase, MasterCard, Bank of America Merrill Lynch, Siemens, American Express, and others.

I was educated at Valparaiso University and the University of Cincinnati, where I graduated summa cum laude. In 1990, I joined Information Builders and for over a dozen years served in regional pre- and post-sales technical leadership roles. Also, for several years I led the US technical services teams within Cincom Systems' ERP software product group and the Midwest custom software services arm of Xerox.

Since 2007, I have provided enterprise BI services such as: strategic advice; architecture, design, and software application development of intelligence systems (interactive dashboards and mobile); data warehousing; and automated modernization of legacy reporting. My experience with BI products include WebFOCUS (vendor certified expert), R, SAP Business Objects (WebI, Crystal Reports), Tableau, and others.