Epsilon Breach Not Too Worrisome, According to Security Experts

The messages continue to flood inboxes, as a result of the Epsilon security breach, which put consumers’ email addresses into the hands of…someone.

I’ve seen my share of messages from the companies that used Epsilon, warning me of the breach, but I can’t say that I’ve noticed an increase in spam so far. I’m getting more emails from these companies themselves.

The reported list of companies that use Epsilon seems to keep growing. There are reportedly over 2,500 of them. The list includes: US Bank, Capital One, JPMorgan Chase, Citigroup, Best Buy, Kroger, TiVo, Walgreen’s, Target, Disney, Robert Half, Brookstone, Home Shopping Network, McKinsey & Company, etc.

Perimeter E-Security CTO, Andrew Jaquith said he received an email from McKinsey Quarterly notifying him of the attack and made a couple quick observations – first, this is embarrassing for Epsilon and second, the attack will be of no consequence to most people. He says that companies should take this incident as an opportunity to reinforce their security policies, but shouldn’t worry too much.

Still, there are plenty of questions that remain about the incident. Daniel Ionescu at PCWorld brings up some good points in that companies should probably do a better job of letting consumers know when they’re email addresses are given to third-parties, and that the mystery remains around how the breach even occurred in the first place.

Epsilon itself sends about 40 billion emails per year for its clients, so it’s likely that you’ve already been getting a ton of email thanks to the company. Now, you might get some more, as a result of the breach, and sure, it’s possible that some may end up being malicious.
If you haven’t been sent spam prior to this, however, you must be in the minority. Just treat it like the rest of the spam you get. Ignore it and filter it. That seems to be the message the security guys like Jaquith are sending out.

It does seem that people continue to fret about the breach, as Epsilon frequently appears as a hot search item in Google Trends.

Epsilon says it is investigating the breach.

There are 4 Comments. Add Yours.

Kit
April 5, 2011 at 1:16 pm

“He says that companies should take this incident as an opportunity to reinforce their security policies, but shouldn’t worry too much.”
What a hypocritical thing to say! This is an opportunity to beef up security policies, but oh wait, don’t worry about it? The lack of concern is astounding. Fool me once, shame on you. Fool me twice, shame on me!
MIKE
April 5, 2011 at 1:24 pm

I have received about 20 emails from providers of services. Did I authorize them to pass my information to another company. They are downplaying the situation, due to the nature of the information. They just do not want people to file law suite, I do not normally believe in suing. However I think a class action is in order. If you agree email me @ MRMAX123@att.net.
MIKE
April 5, 2011 at 1:31 pm

After checking the company out, why should we believe them when they state it is only our names and emails that was compromised. This company has more information on us than our wives, why would the information only be limited to names and e-mails and not everything?
Jonathan
April 8, 2011 at 12:31 pm

People won’t just stop using email. What we need to do is help educate subscribers so they don’t fall victim to scams. We need to make sure the email systems we use are keeping up with the latest security procedures. And we need to keep looking to the future.