BreachExchange mailing list archives
Franken to act on Epsilon breach
From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Wed, 13 Apr 2011 01:16:22 -0400
http://www.mndaily.com/2011/04/13/franken-act-epsilon-breach As part of his role as chairman of the Privacy, Technology and the Law subcommittee, Sen. Al Franken, D-Minn., is investigating the security breach at marketing and management firm Epsilon that occurred earlier this month. University of Minnesota students were bombarded with emails last week from Epsilon clients, including Target, Citigroup and Verizon. The messages notified them of the breach that unveiled the records of approximately 2 percent of the marketing database company’s 2,500 corporate clients. Now Congress is demanding the company release more information about the breach. On Monday subcommittee member Sen. Richard Blumenthal, D-Conn., requested Epsilon CEO Bryan Kennedy come up with a plan to prevent data hackings in the future. Franken said a major problem is that many Americans don’t know where their information is stored or who’s in charge of it. “This is one of the largest data breaches in history,” Franken said in a written statement. “Yet most of the people affected by the Epsilon breach had never heard of that company before.” While the Epsilon breach is a national concern, Franken said it’s also a particular problem for Minnesota, as many state employers do business with the email marketing firm, including Best Buy and U.S. Bank. Franken vowed to do more to protect users’ information online. The U.S. Senate’s Privacy, Technology and the Law subcommittee is part of the Judiciary Committee and was formed in February. It came in response to the explosion of social media and online activity in general, Judiciary Committee Chairman Sen. Patrick Leahy, D-Vt., said in a statement. “We need to give Americans more awareness about who has their information and [give them] greater ability to protect it,” he said in the statement. As Congress is looking for a more detailed report on the magnitude of the breach, students are on the lookout for the phishing scams expected in the wake of the breach. Marketing senior Gina Clementi got an email about the breach from Express and heard about it in her business class at the University. “They called [phishing] the next wave of crime, and it definitely scared me,” Clementi said. “The email says ‘Hey, we’ve got it all under control,’ and it could be a cover-up, we don’t really know.” Since the cyber thieves obtained names and email addresses, consumers are at risk for “spear phishing” — phishing scams targeted to specific individuals via email or phone. “I feel like I’m smart enough to know what’s legit and what’s not,” mechanical engineering senior Jim Dawson said. “I always follow the general rule that you don’t give out info unless you initiated some contact first.” The Epsilon incident is the second major email marketing company breach within six months since Silverpop –– a provider with more than 100 clients, including McDonald’s –– was hacked in December. Alliance Data, Epsilon’s parent company, confirmed that Social Security and credit card numbers were safe. Epsilon currently makes up 22 percent of Alliance Data’s total profit, taking in $65 million last year. _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Learn encryption strategies that manage risk and shore up compliance. Download Article 1 of CREDANT Technologies' The Essentials Series: Endpoint Data Encryption That Actually Works http://credant.com/campaigns/realtime2/gap-LP1/
Current thread:
- Franken to act on Epsilon breach Jake Kouns (Apr 15)