More spammers may know your e-mail address and your name after a major online marketer saw its database compromised.
Epsilon Data Management issued a press release on Friday warning that “a subset of Epsilon clients’ customer data were exposed by an unauthorized entry into Epsilon’s email system.” The Irving, Tex., firm said it discovered the problem on Thursday and had since determined that only e-mail addresses, names or both had been exposed by the breach.
For those unfamiliar with the company before this weekend — which probably includes most readers, as well as myself — Epsilon calls itself “the world’s largest permission-based email marketing provider.” This subsidiary of Plano, Tex.-based, Alliance Data Systems reports sending more than 40 billion e-mail messages a year on behalf of 2,500-plus client firms.
Those are the companies — to name a few, Best Buy, Capital One, Walgreen’s and TiVo — who would now be e-mailing you if your name or address were among those compromised.
Despite doing business with at least two Epsilon clients, I have yet to get any such apology. But my colleague Hayley Tsukayama received one such “we apologize for any inconvenience this may have caused you” note from U.S. Bank on Saturday. That message clarified that “we want to assure you that U.S. Bank has never provided Epsilon with financial information about you.”
And that’s the important point: While your e-mail address may be more public than before, other data about you is not. That makes this a much smaller problem than such past data breaches as the General Services Administration’s 2010 exposure of the names and Social Security Numbers of all of its 12,000 employees, or the long series of screwups that saw tens of millions of credit-card transactions compromised in the last five years alone.
Compared with that sorry record — and in light of the near inevitability of an e-mail account getting spammed — Epsilon’s error looks like a minor flub. But if you have been using only one account for all of your correspondence, instead of the more advisable policy of employing a secondary address for online shopping and bill payment, this could easily be more of an annoyance.
Have you received any apology-grams from Epsilon clients? Have any of them put any more creativity into their “sorry about your e-mail” notes than others?