Epsilon e-mail Marketing Breach

By now, you may have heard of the security breach at mass email marketing company Epsilon, where the names and email addresses of thousands, if not millions, of people have been stolen. The current list of affected companies includes:

  • 1-800-Flowers
  • AbeBooks
  • Ameriprise Financial
  • Barclays Bank
  • Best Buy
  • Brookstone
  • Citibank
  • Disney Destinations
  • Hilton Worldwide
  • JP Morgan Chase
  • Kroger
  • Lacoste
  • Marriott International
  • McKinsey Quarterly
  • New York & Company
  • Robert Half
  • Target
  • Tivo
  • US Bank
  • Verizon
  • Walgreens

The warning emails are starting to roll in. This one from Target:

When will it become Standard Operating Procedure, and an industry standard, that if you are storing customer info, you store it in an encrypted database? It can’t be that difficult!! The money you are spending on the resulting PR could probably have been used to secure the database.

I blame not only Epsilon, but also the companies that dealt with Epsilon, for not making it a requirement that the customer info be encrypted.

Computerworld – Microsoft Cloud Service Hit With Data Breach

Get used to it. Moving things to the “Cloud” is becoming more popular. So will the data breaches…

Company data belonging to customers of Microsoft’s hosted business suite BPOS has been accessed and downloaded by other users of the software.

Read more… Microsoft BPOS cloud service hit with data breach – Computerworld.

Data Breach Caused By LimeWire at Investment Firm

A Washington Post story clearly illustrates why you need to be careful with file sharing programs like LimeWire, despite the peer-to-peer (P2P) application arena having enormous potential.

Sometime late last year, an employee of a McLean investment firm decided to trade some music, or maybe a movie, with like-minded users of the online file-sharing network LimeWire while using a company computer. In doing so, he inadvertently opened the private files of his firm, Wagner Resource Group, to the public.

P2P applications like LimeWire allow you to share and swap files. Most people use them to share and download movies and music with other users. For those of you who have kids that use your computer, or their own computer on a local home network, be aware of P2P file sharing apps like LimeWire. Companies should make it part of their corporate security policy to ban the installation and use of P2P apps (unless of course you have a business need). With P2P applications such as LimeWire, it’s pretty simple to inadvertently open up folders on your computer for sharing with the rest of the world.

…officials found that more than a dozen LimeWire users in places as far away as Sri Lanka and Colombia downloaded the list of personal data from the Wagner network.

And if your kids are using your computer and LimeWire, you may be sharing your folders already.

In the case outlined in the Washington Post article, the McLean investment firm made two very big mistakes. One, allowing the employee to install and use LimeWire. The second, not having their client information encrypted and stored in a secure location. Both could easily have been avoided using simple solutions.