As part of his role as chairman of the Privacy, Technology and the Law
subcommittee, Sen. Al Franken, D-Minn., is investigating the security
breach at marketing and management firm Epsilon that occurred earlier
this month.
University of Minnesota students were bombarded with emails last week
from Epsilon clients, including Target, Citigroup and Verizon. The
messages notified them of the breach that unveiled the records of
approximately 2 percent of the marketing database company’s 2,500
corporate clients.
Now Congress is demanding the company release more information about
the breach.
On Monday subcommittee member Sen. Richard Blumenthal, D-Conn.,
requested Epsilon CEO Bryan Kennedy come up with a plan to prevent
data hackings in the future. Franken said a major problem is that many
Americans don’t know where their information is stored or who’s in
charge of it.
“This is one of the largest data breaches in history,” Franken said in
a written statement. “Yet most of the people affected by the Epsilon
breach had never heard of that company before.”
While the Epsilon breach is a national concern, Franken said it’s also
a particular problem for Minnesota, as many state employers do
business with the email marketing firm, including Best Buy and U.S.
Bank. Franken vowed to do more to protect users’ information online.
The U.S. Senate’s Privacy, Technology and the Law subcommittee is part
of the Judiciary Committee and was formed in February. It came in
response to the explosion of social media and online activity in
general, Judiciary Committee Chairman Sen. Patrick Leahy, D-Vt., said
in a statement.
“We need to give Americans more awareness about who has their
information and [give them] greater ability to protect it,” he said in
the statement.
As Congress is looking for a more detailed report on the magnitude of
the breach, students are on the lookout for the phishing scams
expected in the wake of the breach.
Marketing senior Gina Clementi got an email about the breach from
Express and heard about it in her business class at the University.
“They called [phishing] the next wave of crime, and it definitely
scared me,” Clementi said. “The email says ‘Hey, we’ve got it all
under control,’ and it could be a cover-up, we don’t really know.”
Since the cyber thieves obtained names and email addresses, consumers
are at risk for “spear phishing” — phishing scams targeted to specific
individuals via email or phone.
“I feel like I’m smart enough to know what’s legit and what’s not,”
mechanical engineering senior Jim Dawson said. “I always follow the
general rule that you don’t give out info unless you initiated some
contact first.”
The Epsilon incident is the second major email marketing company
breach within six months since Silverpop –– a provider with more than
100 clients, including McDonald’s –– was hacked in December.
Alliance Data, Epsilon’s parent company, confirmed that Social
Security and credit card numbers were safe.
Epsilon currently makes up 22 percent of Alliance Data’s total profit,
taking in $65 million last year.
No comments:
Post a Comment