Epsilon Breach Affects JPMorgan Chase, Capital One 180
Orome1 writes "The recent Play.com breach has been tied to the attack that its marketing communications firm Silverpop — a company that services over 105 customers, among whom are Walgreens and McDonalds — suffered last December. But the latest breach will likely have the biggest impact, because marketing services provider Epsilon — the largest one in the world — has notified its customers of a breach that likely compromised all of their mailing lists. Among Epsilon's customers are US Bank, JPMorgan Chase, TiVo, Capital One, the Home Shopping Network, LL Bean Visa Card, Ritz-Carlton Rewards, Best Buy, Disney Destinations, Walgreens, and many more." How many apology emails have you got so far today?
Received one this morning. (Score:5, Interesting)
Wonderful. (Score:5, Interesting)
I cancelled my Chase accounts a month ago when they instituted a $120 a year fee on their 'Free Lifetime Checking' accounts.
And yet they retained and leaked my email address.
Can I charge them a $10 monthly fee for spam removal?
Re:How does this happen? (Score:5, Interesting)
It's not so much a matter of money as it is one of logistics. Maintaining an farm of mail servers for what is a relatively low volume of correspondence doesn't make much sense. You still have to keep them secured, track opt outs and all the other stuff, handing it over to a 3rd party generally makes more sense. Plus, there's no guarantee that they'll manage any better.
If anything this is just evidence that Epsilon screwed up and wasn't adequately separating the data. Without more information it's hard to say what they did, but chances are they were storing the various mailing lists on the same database servers.
Capitalone, spends a lot of money protecting its customers from fraud, I know that because they're regularly on the phone with me when their computers pick up suspicious activities, and typically the account is locked within a minute pending authorization from me. I have a hard time believing that they'd spend all that money on security in that area and then go with a cut cost fly by night vendor for managing their emails. It's possible, but strikes me as odd.
Re:How does this happen? (Score:4, Interesting)
I wish it were that easy these days. You try maintaining an email server to send out marketing messages when you don't have SPF, Domainkeys, or SenderScore certification. Even sending out undeliverable email notices will get you put on an IP block list before you knew what happened. I could go on, but none of these things involve spammy keywords being in the message at all.
corporate persons and human rights (Score:2, Interesting)
Oh, come on now, let's be fair, they're all really quite sorry...
Don't forget, they also "regret this has taken place" in the public eye and "are working diligently... and continue to protect your personal information" by sharing your info with Experian, TransUnion, Equifax, and ChoicePoint every month; along with the occasional publicized data breach. So there you have it, a sorry, a regret, and a things will continue. You can go back to using your accounts and rest assured they are as safe as they ever were. Whatever that means.
Whenever you or I lose a company laptop, violate a contract, disclose a non-disclosure agreement, expose a sealed order, blow the whistle on environmental violations, expose internal corporate corruption, we are harangued, demoted, sued, fined, fired, jailed, or blacklisted. Maybe the difference between being a human and a corporation having the same rights as a person hasn't worked out and is slowly changing?