Most tech experts have chimed in about the Epsilon email breach that took place at the end of March. While it’s too bad that the public was not informed until a few days following the breach, at least we were informed by the mainstream media.
But doesn’t it seem odd that we received notification of the security breach via email from Epsilon’s clients after the mainstream media reported the breach?
I received notification about the breach from Best Buy, McKinsey & Company, Marriott, and Disney Destinations. Two of the emails I received were signed by the company. McKinsey’s email was signed by McKinsey Quarterly’s Senior Managing Editor, Rick Kirkland, but the generic email@example.com was included for my use if I had questions.
The best email by far was from Best Buy for two reasons: first, it was signed by a real person, Barry Judge, Executive VP and Chief Marketing Officer; and second, it provided a link to a page on the Geek Squad website with “Six Steps to Keeping Your Data Safe.”
Yes, this was from a tech company, but still, their marketing team was alert to the situation and quick to provide information that would be helpful to and appreciated by consumers.
In my mind, the discussion is focusing on the wrong thing. Sure, the security breach was bad, but why did all of the approximately 50 companies who hired Epsilon need Epsilon in the first place?
Customers had placed their trust in companies from Capital One to Ritz-Carlton to Verizon to Walgreens, among others, and these companies just handed over all of their customer data to Epsilon.
What guarantees were given by Epsilon to their clients for data protection? While nothing can be guaranteed, a company with this many clients must show its clients that it has procedures in place for intruder prevention and detection.
What were the service level agreements (SLAs), and did they outline precautions that Epsilon would take to prevent such incursions? If none of this information was included in the SLAs, perhaps it’s time for data-driven companies to include their information security strategies in SLAs.
So, what is the next step? You could terminate your email address and create a new one – which will definitely cause a headache or two. Or, you could change the password for your email account.
Or perhaps this situation will give you an incentive to click “unsubscribe” on those hundreds of emails you signed up for a long time ago and now just delete instead of reading.
That way, you can clean out your email box and, at the same time, evaluate the value of the emails you receive. If this happens, maybe something positive resulted from the Epsilon email security breach after all.