A data breach at third-party marketing firm Epsilon has exposed the email addresses and names of customers from several large retailers and financial institutions, including Chase Bank, Best Buy, TiVo, Disney, Kroger and more. It’s a hack that won’t affect, say, financial data, like bank account numbers, but gives rise to security concerns anyway.
A hack of this nature still leaves consumers open to phishing attacks, an indirect hit that delivers malware via email, as this method grows in popularity. While mobile security is facing its own unique tactics and vulnerabilities, email malware continues to increase. A recent Commtouch report shows that 30% of email messages contain malware attachments, with Facebook and UPS as the current most popular lures for unknowing consumers.
The unauthorized entry into Epsilon’s email system, which took place late last week, prompted the affected companies to distribute warning and information emails, putting out public statements regarding the possibility that their customers’ email addresses may have been stolen. Even before realizing how far-reaching Epsilon’s hack was, I’d received an email update from my bank. Epsilon, too, has made a public statement, which reads,
“The information that was obtained was limited to email addresses and/or customer names only,” Epsilon said. “A rigorous assessment determined that no other personal identifiable information associated with those names was at risk. A full investigation is currently underway.”
It’s one of the dangers of dealing with third-party services, especially where shared consumer data is involved. It’s also part of the reason cloud security, particularly for the private cloud, remains so relevant in the finance industry, which have far more risk to bear when it comes to the protection of their consumer information.
Customer safety was at the forefront of Constant Contact’s mind, when it took on additional cloud services with Puppet Labs integration. For virtualization in particular, marketing companies with access to sensitive consumer data must consider several scenarios and set up protection at various points of their own processes. Few details have been released regarding Epsilon’s data breach, but as we can see, there are many aspects of consumer data that must be studied and protected.