My guess is that, like me, you’ve received many soothing-but-scary emails over the last few days from Target, TiVo, Best Buy, maybe even your bank. They explain how, oops, someone might have accidentally tapped into their database and found your email, but don’t worry! Just maybe think twice before clicking on any email links until you make sure it’s from the company you trusted to not leak your email in the first place.
It’s a headache, but not a huge problem all by itself. Except, of course, for the sheer number of companies impacted. Because everyone was using the same company, Epsilon, it was just one-stop shopping for the hackers. Not only did they get email addresses and names, but now they also have information on which lists each email was on, meaning they can target and spam even more effectively. Lovely…
has a great explanation of Epsilon:
So, why is this company you’ve never heard of sending out 40 billion emails per year on behalf of clients like McKinsey Quarterly, Ritz-Carlton and 1-800-FLOWERS? It’s not just because these companies prefer to outsource the process of “hitting send” to a subcontractor. Epsilon is a major player in the world of email tracking.
When you opt to get emails from a company or organization, you’re often asked to choose between html and plain text. Choosing the html version means more than just pretty pictures; it also allows for tracking of that email. A company like Epsilonwhether their client’s email is going to your junk folder, or whether you opened it (and when), and what you clicked on when reading the email.
Given what it knows about people’s email habits, you likely won’t be surprised to find out that Epsilon is also a data broker. It’s owned by Alliance Data (NYSE:ADS), a company that deals in “.” Epsilon on being “the world’s leading source of data” (and not just to hackers) — with “information on over 250 million consumers” regarding their “lifestyles, attitudes, and behaviors.”
According to Forbes, while there are a few state-by-state laws regarding privacy, there’s no nationally enacted legislation that punishes companies for these kinds of breaches. It’s frustrating, and a further reminder to always, always, be super careful when you read your email. Anything a company sends you should be easily verifiable over the phone or on their website. Personally, I never, ever, click through links in emails from my bank or any other company that deals with my financials, even when I’m 99.99999% sure it’s actually genuine. Now, after this breach, I’m going to try to do the same with retailers as well.
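To see what the HTML tracking and link advice above look like in practice, here is an added example (not part of the original post, and not Epsilon's code): a short Python script that lists the remote images an HTML message would fetch when opened, and any links whose visible text names a different host than the one they really go to. The sample message and every domain name in it are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

def host_of(text):
    """Return the hostname if text is a URL or bare host name, else ''."""
    if any(c.isspace() for c in text) or "." not in text:
        return ""
    try:
        return (urlparse(text if "://" in text else "//" + text).hostname or "").lower()
    except ValueError:
        return ""

class EmailAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.remote_images = []  # fetched from a server when the mail is opened
        self.mismatched = []     # (visible link text, host the link really goes to)
        self._href = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        src = a.get("src") or ""
        if tag == "img" and src.lower().startswith(("http://", "https://")):
            self.remote_images.append(src)
        elif tag == "a" and a.get("href"):
            self._href, self._text = a["href"], []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            shown = "".join(self._text).strip()
            shown_host, real_host = host_of(shown), host_of(self._href)
            if shown_host and shown_host != real_host:
                self.mismatched.append((shown, real_host))
            self._href = None

def audit(html_body):
    parser = EmailAudit()
    parser.feed(html_body)
    parser.close()
    return parser.remote_images, parser.mismatched

# Constructed sample body; all domains are reserved example names.
SAMPLE = """<p>Please review your account at
<a href="http://track.mailer.example/c?id=123">www.bank.example</a>.</p>
<img src="http://track.mailer.example/open.gif?id=123" width="1" height="1">"""
if __name__ == "__main__":
    print(audit(SAMPLE))
```

A link that shows one host and goes to another is not proof of fraud, since legitimate senders route clicks through tracking hosts too, which is why typing the company's address yourself is the safer habit.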
Were you impacted by the Epsilon leak? Is it changing how you approach giving out your email in the future? Sound off below!