Last updated: April 11, 2011 - 9:07am
[Commentary] Americans are right to be concerned about a huge data breach at an online marketing company, Epsilon, which resulted in the theft of names and e-mail addresses for customers and employees of some of the nation’s largest businesses, including Citibank, Disney and Verizon.
Epsilon issued a statement assuring that no other information was compromised. But millions of consumers could still be vulnerable to sophisticated identity-theft ploys — “spear phishing” — in which scammers target e-mails to specific people and make it appear as if they came from a company they trust. Familiarity can lure victims into clicking on links, downloading malware, or responding to requests for account numbers or passwords. This is not an isolated case. The breach at Epsilon underscores the urgent need for a federal standard of data safety that ensures companies follow adequate policies and procedures to protect consumers’ information and determines companies’ legal liability for breaches. As Congress debates new data privacy rules, it should put data security at the forefront. Possibilities include imposing maximum periods for retaining personal data and rules about how to protect data that is flowing through corporate networks, stored on corporate servers or, increasingly, on the cloud. It certainly seems risky to have one company handle sensitive information about the customers of so many large firms. Consumers must also be vigilant. For starters, they should be wary about clicking on any e-mail attachment, even if it comes with a seemingly personal greeting from a business they know and trust.
- Breach at Epsilon Exposes Emails
- House Commerce, Manufacturing, and Trade Subcommittee Discusses Legislation to Protect Americans from Data Theft
- Data thieves target e-mail addresses
- Breach Brings Scrutiny
- The Threat of Data Theft to American Consumers
- Congress needs to get serious about cybersecurity
- More Data Thefts Affect Individuals, Verizon Report Finds
- Recap: Lessons for Data Security Legislation
- Sony Explains PlayStation Attack to Congress
- Consumers Wary Of Mobile Location Marketing
- Data Breaches Up Almost 50 Percent, Affecting Records of 35.7 Million People
- FTC: Internet gaming co. pays $3M settlement for kids privacy breach
- The Target hack gets worse: Phone numbers, addresses of up to 70 million customers leaked
- Email Subscribers Not Fully Engaged With Marketing Programs
- Who else reads your e-mail?