I, like many others, have received security notifications about the Epsilon data breach. In the last 48-hours I have been sent email warnings from 8 companies that I trusted with my personal information – Banks, retailers and hotels.
These companies entrusted my private contact information to Epsilon, a 3rd party e-mail marketing company…. And that information has now been compromised by hackers. Awesome.
Details of this massive breach are still rolling in, but so far the list of affected companies is known to include: Ameriprice Financial; Best Buy; Brookstone; Capital One; Citibank; Disney Destinations; Hilton; Home Shopping Network; JPMorgan Chase; Kroger; LL Bean Visa Card; Marriott; QVC; Robert Half; Red Roof Inn; Ritz-Carlton; Target; The College Board; TiVo; US Bank; Walgreens; 1-800-FLOWERS. And there are likely many more that we haven’t heard about yet.
The Epsilon e-mail breach is a warning about the data security standards employed by third-party service providers, as well as a not-so-subtle reminder to organizations to require strong contractual obligations related to security practices with every business partner and third-party provider you do business with. As we learned with Epsilon, the privacy – and trust – of your customers may depend on it.
Lastly, be on the lookout for scam emails in your inbox. The Epsilon breach is an example of how hackers can now match your name and email address to companies that you interact with. So get ready for the onslaught of emails trying to trick you into handing over your online usernames and passwords. I suggest not clicking links embedded in emails, instead always go to the company website directly and logon from their safe homepage. Check out this informative article on The Last Watchdog for more on spear phishing risks as well as some commentary by Ipswitch’s Frank Kenny on data breaches and customer notifications.