Yesterday, my inbox was full of apologies from major companies (all pointing a finger at Epsilon) such as Hilton, Walgreens, Best Buy, Disney, Eddie Bauer, and The Kroger Company.
According to Rik Ferguson, director at security software vendor Trend Micro, I should be worried. Here is what Rik wrote in his blog:
"Not only do the criminals know your name and email address, they know where you go shopping, where you bank, which hotels you stay at and much more. If you are unfortunate enough to have received multiple notifications, just imagine what kind of profile is now in criminal hands."
News reports indicate how common this type of marketing outsourcing is in the industry. Many companies hand over their customer data to a third-party specialist and say, "here, you take care of this for us." Knowing that, hackers have an easier target; they can go after the little services providers instead of the big guys. Instead of just getting one firm's data, they can snag fifty at a time.
Some experts think that this Epsilon event may change the way companies outsource their marketing mass mailings. See ComputerWeekly for an article.
Just imagine the potential value the hacker sees in obtaining the e-mail addresses of every consumer of dozens of the U.S.'s major firms.
Data is valuable and thieves steal valuable things. They then sell it to other crooks who intend to make money off of the stolen merchandise. At some point, their money-making scheme might involve contacting the stolen e-mail recipients and trying to get access to their money.
Hopefully, you use an e-mail provider that is very adept at identifying scams such as phishing. However, with a complete profile of your buying habits, the crooks can now "spear-phish," a term used for a type of phishing scheme that goes after a targeted victim. If you were an Epsilon multiple victim like me, you will need to be personally vigilant against a targeted scam.
Reuters provides some things to do to prevent being a victim.
This should also be a warning to you about the data you store for Business Intelligence. It is valuable and you need to implement the proper safeguards to protect it from unauthorized access.