The recent, and rather public, admission from Epsilon that they had their servers breached by hackers and customer data had been accessed is another very public embarrassment for companies that do not take both data security and network security seriously. When I mean serious, I don't just mean that we have principles, guidelines and protocol that manages both your data and networks, but it runs deeper than that - and to Epsilon's point, this wasn't even their customers, it was their clients customers, which quite frankly is worse.
Epsilon, regard themselves as "the industry’s
leading marketing services firm, with a broad array of data-driven,
multichannel marketing solutions that leverage consumer insight to help brands
deepen their relationships with customers." Their list of clients run from Airlines to Banks, from Retailers to Media companies - in essence an entire spectrum of clients who put their faith, trust and their customer data in the hands of a third party to manage.
This of course is nothing new, companies outsource and leverage other companies to handle and manage a lot of the work that they feel they can not justifiably manage and deliver as well as companies that have Marketing as their core competency, as they just want to get on with the job of Marketing Campaigns, Brand Development and Insightful Communications - let others do the sorting, managing and delivery of that message - it will still have the brand and content from us, and the consumer won't know or care!
But THAT is just the issue that has now faced both the end consumer, but more importantly the Brands & Companies themselves. When the news broke about the hack at Epsilon, for people in the industry, our thoughts were around what clients did Epsilon have? How much data was taken? How are they going to manage the fallout of this? Your average consumer at this stage, if they followed any of the breaking news, again this would not set any alarm bells off because there was no association at this point to and specific brands.
The next stage of the news break suddenly took a twist, over 35 huge Brand names such as Target, Best Buy, L.L. Bean, TiVo, Citi Bank, JP Morgan Chase & Marriott all started to alert their customers to a security breach some are sending emails - others are adding alerts on their website to let customers know... either way in however they communicate to their customers, the onus and responsibility sits squarely with the Brand and not Epsilon. The consumer doesn't care if it was outsourced, managed by someone else, sat in a cloud somewhere - what they are concerned with is that they gave you (the company) their email address (possibly more if they purchased or are a returning customer with details on file) in good faith that you, the brand, would look after it responsibly and respectfully - this breach will only fuel the mistrust that some have about web security and taint some of these brands in trusting them with their data and information.
So while this story develops further and we find that according to Epsilon on 2% of their total clients was actually effected & accessed, of which we already knew, however if of those 35+ clients, if they each have a database of 1,000,000 customer email addresses, then the breach affects over 20,000,000 customers - which is cause for concern. The next element was that "it was only email data that was accessed" it maybe email, but if it's a bank or similar - the hackers will sell this data over to other scrupulous firms, that will easily create a phishing site, and deliver a targeted email to the database that they know are customers as they accessed it - and the security issue continues...
So, in a world where we freely sign up and give our email addresses to companies, because we would like to know more, get offers, or just so they can communicate with me, the old adage that it's the web, business can't manage or handle the sheer amount of data, don't have the skills in-house, technology is either complex or expensive or they do not really see this as a key communication channel - they will farm this out to companies to do on their behalf. Perhaps now these companies need to consider how their CRM systems work, how do they manage their customer segments and how should they communicate to their consumers and with what offer? Maybe now, more than ever, its time for brands and customers to take ownership and responsibility on how they really do manage their customers web data - because no matter what these businesses may think in terms of cost reduction, efficiency, who has responsibility to manage the daily delta customer database and security of it...they're still YOUR customers and YOU are responsible.