I have to admit I had been feeling a bit left out. Everyone I knew was getting emails and letters from companies they do business with warning them about the Epsilon Data Management email breach and what might happen to them.
So it was quite a relief when I opened up an email from Marriott yesterday and read the following:
Dear Marriott Customer,
We were recently notified by Epsilon, a marketing vendor used by Marriott International, Inc. to manage customer emails, that an unauthorized third party gained access to a number of Epsilon's accounts including Marriott's email list.
In all likelihood, this will not impact you. However, we recommend that you continue to be on the alert for spam emails requesting personal or sensitive information. Please understand and be assured that Marriott does not send emails requesting customers to verify personal information.
We take your privacy very seriously. Marriott has a long-standing commitment to protecting the privacy of the personal information that our guests entrust to us. We regret this has taken place and apologize for any inconvenience.
I'm not such a digital loser after all. Epsilon spews out some 40 billion commercial emails a year (all legally, I might add); you'd have to be a hermit living in a cave to not be touched by this.
According to the company, hackers stole the email addresses for less than 2 percent of its clients, but if Epsilon happens to know which 2 percent, the company hasn't been talking about it. Epsilon posted an extremely terse, detail-challenged press release announcing the breach on April 1 (talk about your April Fools) and hasn't said much since.
Epsilon's client roster reads like a who's who of corporate America: JPMorgan Chase, Capital One, Marriott Rewards, McKinsey Quarterly, U.S. Bank, Citi, Ritz-Carlton Rewards, Brookstone, Walgreens, the College Board, the Home Shopping Network, Target, TiVo, and at least a dozen more.
How did Epsilon get its grubby fingers on my email address in the first place? Fortune 500 firms desperately want to keep an electronic leash on their customers, but they don't have a clue how to do it. Instead, they outsource the job to companies like Epsilon, sharing their massive customer databases with these marketers, who are contractually obligated to keep that data secure. (Apparently Epsilon didn't read the fine print.)