Tuesday, April 5, 2011

Data Security Breach Impacts Major Companies (and Millions of Consumers)

Dallas-based Epsilon, the marketing services firm that had a security breach involving consumer e-mails, is not disclosing which companies were involved in the fiasco. Reports indicate that up to 50 firms were impacted, including the financial giants JPMorgan Chase and Capital One.

Yesterday, my inbox was full of apologies from major companies (all pointing a finger at Epsilon) such as Hilton, Walgreens, Best Buy, Disney, Eddie Bauer, and The Kroger Company.

According to Rik Ferguson, director at security software vendor Trend Micro, I should be worried. Here is what Rik wrote on his blog:
"Not only do the criminals know your name and email address, they know where you go shopping, where you bank, which hotels you stay at and much more. If you are unfortunate enough to have received multiple notifications, just imagine what kind of profile is now in criminal hands."

News reports indicate how common this type of marketing outsourcing is in the industry. Many companies hand over their customer data to a third-party specialist and say, "Here, you take care of this for us." Knowing that, hackers have an easier target: they can go after the smaller service providers instead of the big guys. Instead of getting just one firm's data, they can snag fifty at a time.

Some experts think that this Epsilon event may change the way companies outsource their marketing mass mailings. See ComputerWeekly for an article.

Just imagine the potential value a hacker sees in obtaining the e-mail addresses of every consumer of dozens of major U.S. firms.

Data is valuable, and thieves steal valuable things. They then sell it to other crooks who intend to make money from the stolen merchandise. At some point, their money-making scheme might involve contacting the owners of the stolen e-mail addresses and trying to get access to their money.

Hopefully, you use an e-mail provider that is very adept at identifying scams such as phishing. However, with a complete profile of your buying habits, the crooks can now "spear-phish," a term for a type of phishing scheme that goes after a targeted victim. If, like me, you were a multiple Epsilon victim, you will need to be personally vigilant against a targeted scam.

Reuters lists some things you can do to avoid becoming a victim.

This should also be a warning to you about the data you store for Business Intelligence. It is valuable, and you need to implement proper safeguards to protect it from unauthorized access.

1 comment:

sherlina s said...

Hi, probably our entry may be off topic but anyways, I have been surfing around your blog and it looks very professional.
