Epsilon Data Breach Casts a Cloud on Cloud Security

By CIOinsight  |  Posted 04-06-2011 Print Email
Consumer trust could take a hit after the theft of thousands of email addresses from Epsilon, and organizations will have to weigh the risks of outsourcing customer data.

As email-marketing company Epsilon continues to deal with the fallout related to the revelation that some of its clients' customer data has been exposed to a third-party, it becomes clear that this incident affects all service providers as organizations renew their focus on data security. In addition, this latest data breach calls into question how secure information is within a cloud-computing infrastructure.

Epsilon reported April 1 that it detected an "unauthorized entry" into its email system and discovered that email addresses and names belonging to a "subset" of its clients had been exposed to attackers.

The company estimated that the attack affected 2 percent of its approximately 2,500 clients.  Despite the size of the breach, some affected companies and customers have taken heart in the fact that the stolen data included "only" email addresses, as opposed to personally identifiable information, such as social security numbers.

Still, it means customers are in for more spam, and that leads to questions about whether people can trust something as simple as an email address to a retail store or hotel chain.

"Any company that is privileged to manage the information that a company maintains about its customers should be paying attention," said Dave Frankland, principal analyst at Forrester Research.

Most of the individuals receiving notification emails about the breach have never heard of Epsilon. The data loss doesn't affect their perception of Epsilon. However, the breach has affected customers' relationships to the name-brand banks, travel companies or retail outlets that have had to send out notifications that email addresses have been compromised, said Frankland.

"Customers will surely start to wonder if they can't trust these firms with their email addresses. [They ask themselves if it's] really that smart to trust them with their credit card data, or with their mortgage," Frankland said.

The resulting loss of trust and consumers' perception that companies shouldn't have outsourced even the "innocuous" data may force organizations to reassess their marketing strategy. The kind of targeted marketing that Epsilon and similar firms do, such as marketing a mink coat to consumers in Ohio but not to Miami residents, is often beyond the organization's capabilities. But now organizations have to recognize the risks to the brand and consumer trust by continuing to work with an external marketing provider, Frankland said.

For more, read the eWEEK article: Epsilon Data Breach Highlights Cloud-Computing Security Concerns.


Submit a Comment

Loading Comments...