The Epsilon Email Break-In: A Bad Break for The Cloud

Chances are good that you've recently received one or more messages informing you that someone may have snagged your email address without authorization. The problem is that someone breached the security at Epsilon, a major supplier of marketing services and database information, and got away with a number of emails, although the company hasn't said how many.

According to Epsilon, the breach affected approximately 2 percent of its total clients. That doesn't sound bad, until you realize that those clients include JPMorgan Chase, TiVo, Capital One Financial, Kroger, Walgreens, Disney, Best Buy, and AbeBooks. (I received emails from the last two, both warning of potential scams.) However, there could also be ramifications for cloud computing itself.

As my BNET colleague Alain Sherter noted, this could be one big data theft case, given Epsilon's list of large and high-profile clients. Furthermore, even if you leave out credit card information, which the company says wasn't disclosed, Epsilon is one of the big names in compiling consumer information. It used multiple sources of information to follow a claimed 256 million U.S. consumers, and the company prides itself on having "unique, robust, hard to find consumer data, including: demographics, behavioral, ailment, brand usage, purchase intent, and lifestyle."

Hey, you, get off of my cloud
That's a scary set of data available on a mind-bogglingly large number of people. Many rightly identify Epsilon as a cloud computing company, "so a security breach of the Epsilon system is, effectively, a breach of all its customers' systems, too," as Paul Ducklin of security vendor Sophos writes.

He is correct, and that's got the potential to upset corporate acceptance of cloud computing. No, not bury it, but certainly raise doubts. How many of Epsilon's clients saw it as a cloud computing company? Probably relatively few, at least among CEO, CFO, and general counsel crowds. But now they may find themselves with egg on their face because when you let someone host your data, you essentially give them a key to your company's virtual back door.

Corporations that have led the way in cloud usage will look at this in alarm. Although there have been some cloud breaches in the past, like Google's internal one and Twitter's loss of some confidential documents through Google Apps, this may be the first time in which one big and long-established corporation has caused significant potential liability to a bunch of even bigger corporate customers. And that's going to make a lot of people who write large checks to technology companies sit back and think.


Image: morgueFile user kevinrosseel.