Hackers are having a field day again.
Major corporations in recent days scrambled to tell customers that personal information had been stolen online from an advertising firm called Epsilon that handles e-mail marketing services for thousands of companies.
I got an my e-mail from Best Buy over the weekend warning that some customer e-mail addresses held by Epsilon had been accessed without permission.
Best Buy said it was assured by Epsilon that the hackers obtained only e-mail addresses. "A rigorous assessment by Epsilon determined that no other information is at risk," Best Buy stated. "We are actively investigating to confirm this."
Why, I feel so much better knowing that Epsilon, the same company lax enough to allow e-mails to be purloined, had conducted "rigorous assessment" and decided no other data had been breached.
The list of major companies that employ Dallas-based Epsilon to handle e-mail marketing services for them is huge. Some companies already have gone public warning customers — ironically, by e-mails — that hackers may now have their name and e-mails and the knowledge of a customer relationship with specific companies.
Let's bring in a voice of reason.
"There's a lot of fear and paranoia out there, and this is an egregious hack, but this is not a 'run for the hills' situation," says Clearwater's Alex Eckelberry, a founder of online security firm Sunbelt Software and now general manager GFI Software's security business unit.
"This is a big black eye for Epsilon and companies that use them," he adds. "The positive aspect is corporations will be more careful about how customer data is handled."
Many consumers now may be confronted with a barrage of fraudulent e-mails that will try to coax more personal information like log-on passwords or, worse, credit card or financial account data or Social Security numbers, from those of us insufficiently suspicious or still uninformed.
On its own, the Epsilon breach would not be of such great concern. But the hack comes only a few years after the Heartland Payment Systems data breach, the largest known incident of its kind, with an estimated 130 million payment cards affected. Tampa's Sweetbay Supermarket also got hacked in 2008, giving up data on 1.6 million Visa, Mastercard and Discover credit cards.
The trick in all this online mess, of course, is that more and more data hacks mean the business community increasingly may find online marketing — a key slice of commerce going forward — grossly undermined by a loss of trust by the general public.
So far, affected companies include major credit card issuers like Chase, Capital One, Citigroup, Barclays Bank and U.S. Bancorp, and retailers like HSN, Verizon, Walgreens, TiVo, Brookstone, L.L. Bean, McKinsey & Co., Marriott International, Ritz-Carlton, Hilton Worldwide, Walt Disney travel subsidiary Disney Destinations and, of course, Best Buy. Even the not-for-profit College Board, which oversees the SATs, warned that hackers may have obtained student e-mail addresses.
The number of companies fessing up will grow.
Epsilon is no puny player. The company bills itself as the "world's largest permission-based e-mail marketer," saying it sends out 40 billion e-mails a year on behalf of 2,500 client corporations. The company is owned by Alliance Data Systems Corp., which describes itself as "a leading provider of loyalty and marketing solutions derived from transaction-rich data."
Maybe it's time these marketers of "transaction rich" information spend more time protecting that data rather than leveraging it.
Robert Trigaux can be reached at firstname.lastname@example.org.