Epsilon, the world’s largest permissions based email marketing provider, has had a rather large breach. Names and email addresses were accessed, as well other pieces of information in some cases. Bring in the lawyers and consultants and start writing checks. To be honest though, I love coming in and cleaning up a mess. I see and FTC consent decree in the near future! Nice timing with bills being introduced on The Hill as well.
Here is Epsilon’s 1 April 2011 press release:
IRVING, TEXAS – April 1, 2011 – On March 30th, an incident was detected where a subset of Epsilon clients’ customer data were exposed by an unauthorized entry into Epsilon’s email system. The information that was obtained was limited to email addresses and/or customer names only. A rigorous assessment determined that no other personal identifiable information associated with those names was at risk. A full investigation is currently underway.
I like how they give a number for customer and media inquiries. I assume the call centers are appropriately staffed to handle the volume and that they are trained. If notifications are being made by their customers, then the call volume is likely to be low, unless the customers have an arrangement to give out these numbers.
The term “subset” seems a little disingenuous as we are not beginning to hear about how large the breach is. It’s important not to mislead customers or regulators. There isn’t much to this message, but that makes some sense given that the consumer relationships are likely with the brand. At this point I suspect that the lawyers have swooped in and are minimizing statements. This approach may work more for a behind the scenes services provider, but I don’t believe it works with brands that have direct consumer relationships.
I assume Epsilon account execs are working feverishly behind the scenes to minimize brand damage and maintain customer relationships. It’s important in these situations to have consistent themes being pushed out by the event manager and his/her team to field personnel so that the message is consistent. Clear escalation lines of new issues need to be in place with a centralize clearing house for responding to newly identified issues.
Well, most of us have been in this situation. My advice: keep the lawyers on speed dial, brew coffee and stay calm.
UPDATE (28 April 2011): Epsilon has stated that the “subset” is 2% of clients.