Spot Quiz: What does the word Epsilon mean to you? It is the fifth letter of the Greek alphabet. As I recall, in its lowercase form, epsilon stands for elasticity, among economists. There might even be a fictional spy named Epsilon.
I'll bet that up until a few days ago you didn't know that Epsilon was also the name of a company that has exposed millions of Americans (including you, most likely) to the increased risk of imposter fraud, a crime that made it to the Federal Trade Commission's top 10 complaints list this year for the first time. Epsilon is a unit of Alliance Data that collects consumer information from hundreds of corporate clients to manage their email marketing campaigns.
On April 1, Epsilon posted a terse announcement on its corporate website that set off a media frenzy and confirmed, yet again, the end of the Age of Digital Innocence:
IRVING, TEXAS – April 1, 2011 – On March 30, an incident was detected where a subset of Epsilon clients' customer data were exposed by an unauthorized entry into Epsilon's email system. The information that was obtained was limited to email addresses and/or customer names only. A rigorous assessment determined that no other personal identifiable information associated with those names was at risk. A full investigation is currently underway.
Apparently, an unknown cyber ninja (or coven of ninjas) had efficiently and maliciously gained unauthorized access to the Epsilon system and caused, according to Michael Kleeman, a network security expert at the University of California at San Diego, a "massive hemorrhage" of what has heretofore been considered nonpersonal identifying information, yet now is viewed by a growing number of privacy experts as the Social Security Number of the Digital Age -- the email address combined with a name. In other words, the data that consumers provided to many large companies, such as J.P. Morgan Chase, Citibank, Kroger, Target, Best Buy, Disney Destinations and Verizon, could now be in the hands of guys we would never want to friend on Facebook.
(Related article: Giant Data Breach Hits Nation's Largest Banks, Retailers)
Let's make the salutary (and perhaps facile) assumption that the press releases and email alerts are accurate. So all the bad guys have is our email addresses and our names, right? No biggie, right? Well, not exactly. The problem is that our email addresses are also our user IDs on many websites. Few people are willing to change their email addresses, because too many other people would have to be notified. So in my case, I will have to strengthen my already strong passwords -- again.