On March 30, digital marketing company Epsilon reported a data breach of what is estimated to be millions of customer names and emails from brands like Hilton, Best Buy, Target, Marriott, and Walgreens.
Specific details of the attack are scarce, but according to Epsilon, “an unauthorized entry into Epsilon’s email system” caused the breach, which some data security experts are claiming could have been the largest in history.
From the New York Times on April 4, 2011:
“It is clearly a massive hemorrhage,” said Michael Kleeman, a network security expert at the University of California, San Diego.
“Any time you have an organization that loses the contact information of customers for some of the biggest banks in the world, that’s a big deal,” said Brian Krebs, editor of Krebs on Security, a Web site that specializes in online security and crime. “You’ve just given the bad guys a road map between the banks and their customers.”
What does this mean for marketing?
The Epsilon breach has revealed a dirty secret of the corporate marketing world: One company (and there are dozens of others just like it) has a massive amount of information on customers from around the world and their relationships to brands of all shapes and sizes. From the Citibanks to the Kroger grocery stores, companies of all sorts provide online marketing firms like Epsilon with a lot of data on customers. Many argue that it is very easy to obtain the same information about anyone from publicly available databases, but that effort takes a considerable amount of coordination. A breach of this type makes “spear phishing” just that much easier by connecting a name to a brand and allowing even more targeted phishing to occur.
What does it all mean?
The security of personal information online has always been a serious concern for both customers and companies. Events like the Epsilon breach just reinforce fears of sharing information online and with big business. Isolated data breaches, even those as large as the one at Heartland Payment Systems in 2009, are significant negative events for customer relationships and brand trust. The Epsilon breach draws a direct line between multiple independent brands and a central entity that manages online marketing for each. Most customers would never see the correlation between brands and the vendors they contract to provide marketing services, a link that the Epsilon breach very clearly illustrates.
Long term, the Epsilon breach is a nick on the shoulder of each company, regardless of its proactive customer contact regarding the incident.