Massive Epsilon Email Data Breach

April 4, 2011 by
Filed under: Analytics, Data Governance 

The other day I received an email from one of the advisory service providers to which I subscribe, saying:

“We have been informed by our e-mail service provider, Epsilon, that your e-mail address was exposed by unauthorized entry into their system.”

By this morning, I had gotten another two emails from different companies that send me emails with the same news, that Epsilon had been hacked and my email address was exposed. Actually, the notes, which all shared the same wording, said this:

“We have been assured by Epsilon that the only information that was obtained was your first name, last name and e-mail address and that the files that were accessed did not include any other information.”


As reported in this article from Mashable, apparently there are a lot of companies that are using Epsilon as an email provider, a hodge-podge of financial organizations, retail companies, loyalty programs, and service providers. Comments to the article are adding many more companies that were affected.

Oh, one more item: the emails claim that “no other personal identifiable information associated with those names was at risk.”

As a data bigot, I beg to differ. If the hacked data consisted of just a list of emails, perhaps so. But subscription to email updates from a company indicates some kind of relationship between the recipient and the company, and if the breached data is organized according to the sets of email addresses for each of the companies, then accessing this data actually exposes a significant amount of personal information. Using rudimentary analytics for linking the set of companies to each email address, someone could figure out the types of banks a person likes to do business with, the types of products the person buys (do they buy from LL Bean or from Best Buy?), the general area they live in (do they shop at Kroger, Ralph’s, or Safeway?), the hotels they like to stay in (Ritz-Carlton?), etc.

The suggestion that only email addresses were exposed is, in my opinion, absurd. I would be interested in hearing more details about the scope of this data breach and what information about me was truly exposed.
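
To make the linkage argument concrete, here is an added example (not from the original post, and not Epsilon's data or code) of the scoping check a data custodian could run over per-client lists: it inverts them into a per-address profile and reports how many relationships and categories each address reveals. Only the brand names come from the post; the addresses, list memberships and category labels are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample: per-client subscriber lists as an email service provider
# might hold them. Brand names are the ones the post mentions; the addresses,
# memberships and category labels are assumptions made for this example.
CLIENT_LISTS = {
    "LL Bean":      {"category": "retail",  "subscribers": {"ann@example.com", "bob@example.com"}},
    "Best Buy":     {"category": "retail",  "subscribers": {"cy@example.com"}},
    "Kroger":       {"category": "grocery", "subscribers": {"ann@example.com", "bob@example.com"}},
    "Ralph's":      {"category": "grocery", "subscribers": {"dee@example.com"}},
    "Safeway":      {"category": "grocery", "subscribers": {"cy@example.com"}},
    "Ritz-Carlton": {"category": "hotel",   "subscribers": {"cy@example.com"}},
}


def exposure_by_address(client_lists):
    """Invert client -> addresses into address -> {category: [brands]}."""
    profiles = defaultdict(lambda: defaultdict(list))
    for brand in sorted(client_lists):
        info = client_lists[brand]
        for addr in info["subscribers"]:
            profiles[addr][info["category"]].append(brand)
    return {addr: dict(cats) for addr, cats in profiles.items()}


def scope_report(client_lists):
    """Per address: relationships revealed, categories touched, and how many
    addresses share the exact same brand combination (1 means it is unique)."""
    profiles = exposure_by_address(client_lists)
    combos = {a: frozenset(b for bs in p.values() for b in bs) for a, p in profiles.items()}
    combo_sizes = Counter(combos.values())
    return {
        addr: {
            "relationships": len(combos[addr]),
            "categories": sorted(profiles[addr]),
            "same_combination": combo_sizes[combos[addr]],
        }
        for addr in sorted(profiles)
    }


if __name__ == "__main__":
    for addr, row in scope_report(CLIENT_LISTS).items():
        print(addr, row)
```

Every address in the report carries at least one relationship beyond "name and e-mail address", which is the gap between the notification wording and what the per-client structure of the data discloses.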
