In most cases, all the hackers got was a name and an email address. What bad things could happen? Aside from the fact this data is going to get sold and resold a thousand times to various spammers, the smart money says it will also likely be used for spear phishing campaigns aimed at select customers. My bet is that Epsilon's banking clients will the first to be phished, since that's the fastest route to money.
If you think you're too smart to fall for a spear phishing attack, remember: Spear phishing is allegedly how Chinese hackers got access to Gmail passwords. If Google can be fooled, so can you.
Epsilon isn't exactly a warm and fuzzy company to start with. MSNBC's Bob Sullivan quotes Epsilon veep Tony Cheung whining about "trigger happy" Americans who label everything spam, even when it legally isn't:
A big part of Epsilon's job is convincing Internet service providers that the e-mails it sends on behalf of brand-name companies aren't spam. Annoyed recipients will trigger consumer complaints and spam reporting, which can cause a red flag at an ISP and ultimately disrupt an e-mail campaign.
Tony Cheung, an Epsilon vice president based in China, lamented in a recent column on the firm's site about Americans' "indignation response" to unwanted e-mails.
"Few Chinese e-mail users actually click to unsubscribe unwanted inbound mails, in stark contrast to the far more trigger-happy Americans and Europeans," he wrote.
The reason unwanted commercial email isn't technically spam is thanks to some extremely weak antispam laws. Essentially, if you've ever done business with a company at any time in the past and you made the mistake of providing them your email address, they can send you as much unsolicited email as they want -- at least, until you tell them to stop. Even if you're not a customer, they can email you out of the blue, and as long as they follow a few simple rules (such as provide a valid subject line, name, address, and working unsubscribe option) they can fill your inbox until you scream "no mas."
Technically, that's not spam. But on a practical basis, it is -- hence the "indignation response" we annoying Americans have to this problem.
You want indignation, Epsilon? You ain't seen nothing yet.
The safest path: For the foreseeable future, if you get any emails from any corporate entity that aren't in response to a request you've made, assume they are spam and delete with extreme prejudice. You might miss out on a few deals, but you'll be a bit safer -- and you'll wreak havoc with the business models of Epsilon and its spammy brethren.
This article, "Epsilon, spammers in expensive suits," was originally published at InfoWorld.com. Track the crazy twists and turns of the tech industry with Robert X. Cringely's Notes from the Field blog, and subscribe to Cringely's Notes from the Underground newsletter. For the latest business technology news, follow InfoWorld.com on Twitter.