The Data Breach Syndrome for April 2011

Over the last ten or so years, we’ve seen every conceivable data breach you can imagine. Most folks think these are the resulf of some foreigners looking to sabotage our lives, but, truth is, we have plenty of problems right here in our own backyard. I like the headline in the FastCompany breakdown of the Epsilon fiasco for starters: “The Epsilon Breach: How Worried–and Angry–Should You Be? I wish I had documented some of the stories I have heard over the years about some of the bigger data houses and what they are up to with your private information. The gist of this story, “Epsilon sends something like 40 billion emails each year on behalf of its 2,500 clients. Yesterday, Epsilon said about 2% of its clients–some 50 brands–were affected by the breach,” is brought forth to bear by none other than NPR which ought to bring them even more flak from hacks looking to stick a fork in them.

Breaching Whales Not Part Of The Syndrome, But Still Dangerous

Even Verizon, the largest U.S. mobile telephone carrier, advised users Tuesday their incursion was part of the Epsilon data breach.

“Epsilon has assured us that the information exposed was limited to email addresses, and that no other information about you or your account was exposed,” Verizon said in an email to a customer sent on Tuesday evening.

The problem is, because these data breaches have overwhelmed the systems, and especially the diminished capacity of the government to do a damn thing about them, these companies downplay their danger to you. You’ve all probably seen these “spear-phishing” attacks in your spam filters. You know the ones that imitate your bank or some other institution you do business with so some folks will click on them and poof, their world goes up in smoke.

Alliance Data is the parent company of Epsilon, and, don’t kid yourself, these big data guys are using this data for things other than sending you a catalog or offer from Brookstone, Best Buy, The College Board, Citi, Walgreens, Disney Destinations, McKinsey & Company, the Home Shopping Network, JPMorgan Chase, TiVo, Kroger, Captial One, or one of the other 2,500 companies for which they do email. As we’ve said here many times, it’s the demographic information they’re after. If you are doing business with one of those 2,500 companies, tell them to fire Epsilon. Chances are they won’t find a perfect replacement, but you will feel better.


Having said all that about the government missing the mark, here is some news that may give you comfort. “Pandora has revealed. The streaming music company recently amended its S-1 filing with the Securities and Exchange Commission (SEC) to note that it had been subpoenaed to produce documents about its user data collection on Android and iOS devices, which the company believes is related to an industry-wide probe into how mobile apps capitalize on user information.”

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
2010, The Year of Data Center Transformation
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Not even the 500 lb. gorilla is exempt apparently: “Apple has historically claimed that it effectively anonymizes data that it collects and does not share any of that data with advertisers. However, according to research conducted by the Wall Street Journal last year, data such as location, age, gender, and even sexual orientation or political views are often collected and sent back to Apple, developers, and ad networks themselves. ” Google, Microsoft, Facebook and others are the subject of the probe though no one is predicting any indictments. It’s just too damn easy to hide under the radar and hide what is being done. My guess is that one day soon a rebellion will happen where people realize how many times this data is sold, re-sold and used to compromise our lives and maybe then we will have the things in place to protect our privacy once again.

Not all is lost and we like to save the good news for last. This was just announced from TRUSTe:

TRUSTe’s Newly Released Privacy Solutions Achieve Significant Industry Traction in Online Advertising, Tracking and Business Analytics
Key Industry Players Embrace Just-Launched Third-Party Data Collection Program; Company Announces General Availability of Internet Explorer 9 Tracking Protection List

San Francisco, CA – April 4, 2011 – TRUSTe, the leading privacy trustmark and provider of privacy solutions, today announced key milestones demonstrating the tremendous traction of its comprehensive suite of privacy certification solutions for the rapidly changing world of online advertising, tracking and business analytics. The momentum reflects TRUSTe’s unparalleled reputation for high privacy and data management standards, respect for consumer choice, and dedication to extending online trust on any platform by providing key solutions that leverage TRUSTe’s unparalleled privacy expertise and innovative technologies.

First, TRUSTe announced that three new companies have selected its recently-unveiled TRUSTed Data Collection privacy certification program. BlueKai has become the first data platform to be certified under the TRUSTed Data Collection program; comScore, a global leader in measuring the digital world, is the first business analytics company to be certified under the program. Casale Media, a premium online media network, is currently undergoing the certification process. Each of these companies has demonstrated that they meet TRUSTe’s standards, including honoring consumer choices, limiting data retention and providing full disclosure.

No comments yet.

Leave a Reply