Epsilon: a watershed for an industry under siege

11.04.2011
Last week, consumers in the U.S. were bombarded with e-mail messages warning them of what may be the most widely felt data breach in U.S. history. A company that most of them had never heard of, Epsilon Interactive, had been compromised and their names and e-mail addresses had been stolen.

For a few days, it seemed that almost everyone was getting a warning message. The notes all struck the same tone: "Email files have been accessed without authorization," said one, sent to holders of the Dressbarn credit card. "You could receive some spam email messages. We sincerely apologize."

The breach left many victims uneasy, rather than outright scared. After all, these are stolen e-mail addresses, not Social Security numbers or bank account details. Brian Jacobs is a typical victim. An IT manager with the city of Rockport, Texas, he woke up on Monday, April 4 to a warning e-mail from his former employer, staffing firm Robert Half International, telling him that his e-mail address had been taken. With nothing more in the balance, Jacobs said he wasn't particularly worried, but he didn't feel good either. "When they said, 'They just got your e-mail address,' it's like, 'Well, that's what you're telling me today. Are you going to be telling me something else tomorrow?'" he said.

One thing that neither Epsilon nor its parent company, marketing giant Alliance Data, is discussing is the fact that the Epsilon breach is just the latest development in a long-running campaign to hack into the service companies that pump out the bulk of the nation's sales coupons, air miles account updates, and friendly reminders that make up legitimate marketing e-mail campaigns. There are hundreds of these companies out there, ranging from small mom-and-pop operations to large subsidiaries of publicly traded corporations like Epsilon. And over the past year, spammers have been trying to break into them with a vengeance.

"There has been a series of attacks on e-mail service providers that has been occurring since December 2009," said Neil Schwartzman, executive director with CAUCE (the Coalition Against Unsolicited Commercial Email), an anti-spam advocacy group. "About a dozen ESPs were hacked over the course of 2010."

That's particularly worrying because while Schwartzman and others say that many ESPs have been hacked, only four companies have admitted that they were compromised: Epsilon, Silverpop, AWeber Communications and ReturnPath, a company that sells services to ESPs.