By Harry McCracken | Tuesday, April 5, 2011 at 11:09 am
On Friday, marketing company Epsilon announced that an unknown third party had broken into its e-mail system and gained access to the names and e-mail addresses of some of the companies which Epsilon performs services for. And so, over the past few days, Epsilon clients have been sending e-mail to their customers alerting them to the breach and its potential consequences.
I got this email from TiVo on Saturday:
And here’s one I got from Marriott today (despite the date):
I’m not sure why Marriott took longer to alert me to the news, or why it seems more confident than TiVo that I’m unlikely to suffer as a result of the breach. (Marriott says “in all likelihood” I won’t be impacted, and artfully tells me to worry about phishing spam without accepting culpability for any I might get; TiVo says there’s a chance the breach will lead to spam.)
At least both TiVo and Marriott apologize in their messages. Epsilon, whose slogan is the unfortunate “Marketing as Usual, Not a Chance,” doesn’t express any regret in its press release about the leak. Nor does it tell us consumers about any steps we should take in response to the break-in.
(I find it interesting that Epsilon’s About Us page does lots of bragging–but doesn’t say anything about protecting the data of the consumers who are customers of Epsilon’s clients. It might want to revise its boilerplate at some point.)
Epsilon says that only about two percent of its clients’ information was leaked, but judging from the chatter among my Twitter friends, that two percent still adds up to a lot of customers of a lot of very large companies:
Have you received any Epsilon-related messages from companies you do business with?
UPDATE: I got an e-mail from 1-800-Flowers, too, but it got stuck in my spam filter. Here it is:
April 5th, 2011 at 11:19 am
We've received e-mail from Disney Destinations, one of the companies affected.
April 5th, 2011 at 11:20 am
Walgreens, Target and Wells Fargo
April 5th, 2011 at 11:41 am
CollegeBoard. Seriously.
April 5th, 2011 at 11:41 am
Got notice about Epsilon from bodybuilding.com
April 5th, 2011 at 11:51 am
Forget it Harry, it's Chinatown (in the 1974 Roman Polanski movie sense of the word). I.e. normal standards of product/service warrantability and liability don't apply because it has something to do with computers. Why else do we tolerate shoddy software, computers that crash, and services that issue a supercilious "My bad." anytime someone hacks into customer data? Price of progress, right?
April 5th, 2011 at 11:59 am
Haven't received anything. Amazing that Epsilon's CIO has no clue about securing data at rest.
April 5th, 2011 at 1:11 pm
I got a note from Best Buy and Chase – but interestingly, though Barclays is listed in the ones affected, I got no letter at all from them.
April 5th, 2011 at 1:24 pm
I've had the one from TiVo. My wife has had many more.
What gets me is that we thought we were signing up with these separate companies who we wanted to do business with and behind the scenes they were just handing it all off to some third party that normally we'd never get to hear about. I know it's naive to think that anyone does their own back office stuff these days, but it should be the frontline companies (TiVo, Marriott, Target, etc.) who are on the hook for any customer compensation. They picked a flaky marketing "partner" – they should have to make good any mistakes.
April 5th, 2011 at 1:59 pm
I got an email from Citi about this.
April 5th, 2011 at 9:14 pm
air miles as well
January 17th, 2012 at 3:26 pm
Every day there seem to be more and more breaches.
January 18th, 2012 at 7:38 pm
This is a good example of reputation management done right and done wrong. In the event of unauthorized access to a company's data, they need to inform their clients and customers as soon as possible. Failure to address their concerns could lead to a PR nightmare.