Epsilon Breach Used Four-month-old Attack
schliz writes "Marketing giant Epsilon knew that it was vulnerable to an attack for 'some months' before suffering a high-profile breach last week. According to Epsilon's technology partner ReturnPath, the breach was part of a series of socially engineered attacks discovered in November."
And, since they're storing other people's data (some of mine for example) they have a responsibility to make sure they're actually taking steps to protect it.
So, I say don't treat them like children ... I say treat them like adults who are expected to know better, and make sure they have consequences, because they've been entrusted with this stuff. Don't coddle them and say "mustn't touch", this is serious stuff.
I must say, I'm somewhat annoyed at the companies I dealt with who farmed out this stuff. But I figure if your industry is doing this stuff, you should be held to a standard similar to my banking information ... if you lose track of it, or allow a breach, there should be significant (and increasing) fines for something like this.
There are now several companies I have a business relationship with, from whom I will have to largely distrust emails until I can bypass any links in the email and verify ... some of these companies have had over $10K in business from me in the last year. They're going to have to work awful hard to repair my trust.
Lost at C:>. Found at C.
Why aren't there more laws to fine the hell out of companies like this when they are grossly negligent? This is their business, they should know better.
I'm guessing that there aren't more laws because legislators don't know shit about data & security so when they try to enact laws about these things they miss the mark by being too lax, too broadly defined or they just don't get it at all. Massachusetts seems to get it and recently handed down their first penalties.
A direct competitor for Epsilon and I can say that everyone in our business (Epsilon included) has security measures in place to stop these kinds of things. Problem is, everyone at these types of companies are people. We might have millions invested in keeping data safe, but when you pay someone $10/hr to flip tapes in the data warehouse, you're still taking a risk that person might be doing something stupid in the interim. The simple fact is, data warehousing happens because it is cost efficient for companies to pay us to do it. That cost savings is seen by the consumer in the rates being knocked down for services. Why do you think you can get insurance so cheap? (well, here goes my karma...)