Epsilon: NOT Such a Negligible Effect

From Ancient Greek ἒψιλόν (epsilon, “the letter Ε”), defined in the context of computing as “A negligible effect.”

But also, Epsilon is an online marketing unit of Alliance Data Systems Corp., servicing over 2,500 clients via the distribution of permission-based emails.  On Wednesday (March 30), Epsilon announced in a short statement to its clients (not to the public) with no details other than ” a subset of its database was accessed externally” resulting in email addresses and names being stolen. And far from having a negligible effect, this may represent the largest security breach in the history of the Web.

What does this mean to you? At a minimum it will lead to targeted unsolicited emails being sent to you in greater frequency and quantity.

I started to get wind of the problem when I received two emails from retailers I have dealt with online, but haven’t interacted with in many months, Brookstone and Disney Destinations. Then I saw other people mention on Twitter receiving similar notices from TiVo, Kroger and other brands. There had to be a common denominator and it was Epsilon.

How widespread is the breach? Hard to tell at this point, but according to Neil Schwartzman, chief security specialist for CASL Consulting, “It is the biggest breach we have ever seen; and to say no financial information has been stolen is, well, understating the massive breach and concern.”

Here’s only some of the 50 brands whose customers are affected (note the many financial institutions):

• 1-800-FLOWERS
• Abe Books
• Ameriprise Financial
• Barclays Bank
• Best Buy
• Brookstone
• Capital One
• Citi
• Disney Destinations
• Eddie Bauer
• Hilton
• Home Shopping Network (HSN)
• JPMorgan Chase
• Kroger
• Lacoste
• LL Bean
• Marriott Rewards
• McKinsey & Company
• New York & Company
• Robert Half
• Ritz-Carlton Rewards
• Target
• The College Board
• TiVo
• US Bank
• Visa Card
• Walgreens

Got spam? Blame Epsilon (yes, I know they aren’t the only causal factor, but they’ve now further sullied the ecommerce waters). It’s important to note that the companies listed above and others caught in the maelstrom are not to blame. They contracted with a well-known service provider with a stellar client list. It is reasonable for them to have felt confident that a company whose stock in trade is in email communications to have safeguards in place to protect their data.

As for reparations, blogger and former co-worker during my AOL years Joe Manna says, don’t expect anyone to pay for your inconvenience based upon past incidences similar to this one:

“This is the work of offshore hackers where laws are weak, jurisdiction is limited and tracking people down is near impossible. Don’t expect anyone to get arrested, because the hackers are global.”

One more thing —  as of this morning (April 4) the Epsilon web site shows no mention of the breach even as the story is exploding online naming them as the cause, letting their clients take the blowback (and the blame?). The story went public on Friday and so the social web has had three days to spread the story without company response. It appears Epsilon needs a social media professional on staff to help modernize its marketing and public relations.

Again, old thinking or as we in social media say a PR #FAIL.

Follow the Epsilon not-so-negligible fallout: Targeted Google News Search