Epsilon Data Breach
Epsilon reported a data breach on Friday. This breach has made a lot of shock waves over the last few days as new information about impacted clients became known. Banks, retailers, you name it. I received an email Saturday morning informing me that my first and last name along with my email address were exposed (what wonderful news for Saturday morning, isn’t it!?).
What is disturbing to me is how this breach was communicated. While it is good that I was notified, the notification I received was confusing. It stated that I may start getting spam. What is not clear to me is whether information linking an email address to an Epsilon customer was exposed. This creates a possibility of more dangerous attacks – phishing – where you start getting emails “on behalf of” an Epsilon customer prompting users to reveal more information, for example, “You heard our database was breached. Please click *this link* to reset your password”. This information was not communicated at all, and it may not be very obvious to the users of Epsilon customers.