Terry Corbell, The Biz Coach
By Terry Corbell
Business Consultant

How Epsilon’s Security Flaw Threatened Millions of Businesses, Consumers



Epsilon, a major email marketing company, annually forwards billions of messages. The firm purports to be the leading opt-in marketing company with more than 2,000 global customers.

Epsilon reportedly emails customers for some pretty big players, including Capital One, Citibank, Disney, Home Shopping Network, JP Morgan Chase, Kroger, and TiVo.

As expected, Epsilon has an attractive Web site, www.epsilon.com. It touts all kinds of cutting-edge services. The site creates a favorable first impression.

But in my April 4, 2011 visit to Epsilon’s home page and again two years later, an important element was also missing – an unfortunate omen, if you will. You see, appearances in business are important, especially first impressions about IT security.

However, Epsilon has failed to adequately reassure its site’s visitors that it provides cutting-edge security.

In today’s IT environment, that’s more than just a gaffe. It suggests a catastrophe of monumental proportions waiting to happen. (In 2011, its branding slogan was “Marketing as Usual. Not a Chance.” Most recently, it’s been changed to “Where Intelligence Ignites Connections.”)

Unfortunately, such a security breakdown has already occurred. Indeed, on April 1, 2011, an ominous press release appeared on the company’s Web site. Unfortunately, it was not an April Fool’s joke.

Epsilon published this terse announcement:

Epsilon Notifies Clients of Unauthorized Entry into Email System

IRVING, TEXAS – April 1, 2011 – On March 30th, an incident was detected where a subset of Epsilon clients’ customer data were exposed by an unauthorized entry into Epsilon’s email system. The information that was obtained was limited to email addresses and/or customer names only. A rigorous assessment determined that no other personal identifiable information associated with those names was at risk. A full investigation is currently underway.

Security debacle

Epsilon’s notice didn’t please me. You see, the cybercriminals were already at work. Several days prior to the press-release posting on March 30, I became aware that something was amiss – phishing scams trying to entice businesses and consumers to take advantage of so-called offers.

Afterward, Threatpost reported that some of Epsilon’s customers in turn warned their customers — here’s the warning from Disney Destinations to its customers:

“We have been informed by one of our email service providers, Epsilon, that your email address was exposed by an unauthorized entry into that provider’s computer system.  We regret that this incident has occurred and any inconvenience this incident may cause you.  We take your privacy very seriously, and we will continue to work diligently to protect your personal information,” the statement says.

“We want to assure you that your email address was the only personal information we have regarding you that was compromised in this incident. As a result of this incident, it is possible that you may receive spam email messages, emails that contain links containing computer viruses or other types of computer malware, or emails that seek to deceive you into providing personal or credit card information.”

Two morals

The two salient lessons from this security debacle:

  1. Epsilon and other companies that provide IT services need to make security more of a priority.
  2. Businesspeople and consumers need to stay alert to the dangers lurking on the Internet, and IT in general.

In conclusion, what are the solutions for this situation and to prevent more occurrences? My longtime go-to security expert is Dr. Stan Stahl of Citadel Information Group in Los Angeles. Here’s what he had to say in What You Really Need to Know to Stay Web Safe.

Further, noteworthy management lessons have evolved from the alleged data-management program at Epsilon. Obviously, Epsilon’s data management is an oxymoron. It is not managed properly. Here are Management Lessons from Epsilon’s Email-Breach Scandal.

From the Coach’s Corner, Dr. Stahl’s insights were also quoted in this business portal’s all-time most-read column: Using Starbucks’ WIFI? Security Pro Issues Warning and Security Checklist.

Dr. Stahl’s Web site: www.citadel-information.com. You can also find his informative blog.

“The single biggest existential threat that’s out there, I think, is cyber.”

-Michael Mullen


__________

Author Terry Corbell has written innumerable online business-enhancement articles, and is a business-performance consultant and profit professional. Click here to see his management services. For a complimentary chat about your business situation or to schedule him as a speaker, consultant or author, please contact Terry.





Photo courtesy of chanpipat at www.freedigitalphotos.net


Seattle business consultant Terry Corbell provides high-performance management services and strategies.