We Regret To Inform You

April 5, 2011

Chances are, if you are breathing and have done any kind of online business transaction in the last 5 years, you received an email like this one so many received just yesterday from Best Buy...

Dear Valued Best Buy Customer,

On March 31, we were informed by Epsilon, a company we use to send emails to our customers, that files containing the email addresses of some Best Buy customers were accessed without authorization.

We have been assured by Epsilon that the only information that may have been obtained was your email address and that the accessed files did not include any other information…

I checked around the office and found everyone had at least one… like this from CitiBank…

Recently, Citi was notified of a system breach at Epsilon, a third-party vendor that provides marketing services to a number of companies, including Citi. The information obtained was limited to the customer name and email address of some credit card customers. No account information or other information was compromised and therefore there is no reason to re-issue a new card….

Or Chase…

Chase is letting our customers know that we have been informed by Epsilon, a vendor we use to send e-mails, that an unauthorized person outside Epsilon accessed files that included e-mail addresses of some Chase customers. We have a team at Epsilon investigating and we are confident that the information that was retrieved included some Chase customer e-mail addresses, but did not include any customer account or financial information. Based on everything we know…

Target wouldn’t be outdone…

To our valued guests,

Target’s email service provider, Epsilon, recently informed us that their data system was exposed to unauthorized entry. As a result, your email address may have been accessed by an unauthorized party. Epsilon took immediate action to close the vulnerability and notified law enforcement….

And certainly Walgreens didn’t want to feel left out of the mix –

Dear Valued Customer,

On March 30th, we were informed by Epsilon, a company we use to send emails to our customers, that files containing the email addresses of some Walgreens customers were accessed without authorization.

We have been assured by Epsilon that the only information that was obtained was your email address. No other personally identifiable information was at risk because such data is not contained in Epsilon’s email system.

For your security, we encourage you to be aware of common email scams that ask for personal or sensitive information…

Or this one…

Dear Marriott Customer,

We were recently notified by Epsilon, a marketing vendor used by Marriott International, Inc. to manage customer emails, that an unauthorized third party gained access to a number of Epsilon’s accounts including Marriott’s email list.

In all likelihood, this will not impact you. However, we recommend that you continue to be on the alert…

I hear you apologize, and I feel oh so much better now.

Why are my big corporate “friends” falling all over themselves to apologize for something they did? Why are they spending alot of time in this apology passing the buck and blaming a sub-contractor?

Well, even though I have been violated, and even though the effects of this wide-scale security breach and theft have not yet been sorted out, these companies still need me to feel secure opting in, signing up, “friending” and just plain giving over as much of my personal data as I dare over the internet.

And permission to watch me interact on the web is alot to grant anyone – let alone a giant corporation and its sub-contractors. I am only half-kidding when I say, If I don’t, I may not be able to enjoy a high enough “consumer status” to matter to these companies.

The future of marketing to me is based on aggregate and individualized behaviors of mine, and people these companies think are like me.  The more data they collect, the more data they have to use to serve up some kind of “personalized” shopping or interactive experience.

The news media says  the company that got knocked up was Epsilon.

Who is Epsilon and why should I care?

Turns out Epsilon emails over 40 billion (with a b) emails each year on behalf of its 2500 mostly blue chip clients. To people like you and me.

Why does Epsilon get this business from all of my corporate “friends?” and thousands of other corporations just like them?

Epsilon has perfected the art of figuring out who does what to whom with email. It is, in reality, a big division of a huge data warehouse/data mining corporation called Alliance Data.

This company, and others like it, know everything about the aggregate you.

How?  Not only do they take care of personalizing all of the emails that you are sent every day – but they watch what you do with those emails and sell that information back to the companies that hired them in the first place.  It is a win-win, as they say… Citi or Best Buy doesn’t have to worry about sending out billions of emails – they just out-source it, and get reports back on our behaviors with that email – so they can hone their marketing campaigns and do it more effectively next time.

These data warehouse/data mining companies can track everything you do with and to an email. They know whether it is delivered. Whether you open it and when.  What you click on. What motivates you to do something or other from what is offered or how it is presented.  How frequently you like to be communicated to. And they can record it, and report it and do stuff with that data I can’t even dream about.

So the companies we do business with (and companies that don’t really look like they are doing business – such as Google or Facebook) – want you to interact with and through them as much as possible. That is why they want you to follow them.  And friend them. And join the affinity and rewards clubs.  The more interactions, the more your behaviors are tracked.

And used to sell to me or you and/or others who want to sell to me or you.

I know I should trust them.  I want so much to trust them.  But with what? My banking information. My medical information. My travel itineraries. My aggregate history.

And if I were buying the data I would ask this question. Is my composite still providing accurate modeling now that my email and untold millions of others have been hacked?

What nonsense will be served to me when I visit their sites next time, based on hacked transactions in turn based on phishing scams or phony emails served by hacked accounts. What assumptions about what products are being made based on faulty data.

You tell me. The correct answer is no one knows… because no one knows how your stolen information will be used.

And again, the question comes down to —

How safe is the stuff, my stuff and your stuff really – now that so much of it is stored – “in the cloud.”


Update – 4/26/11

I will not update this every time there is a huge breach.

But yesterday’s disclosure by Sony that 70 million play station users, their emails and credit cards have been compromised boggles the mind.





{ 0 comments… add one now }

Leave a Comment

Previous post:

Next post: