The Trek BBS

The Trek BBS (http://www.trekbbs.com/index.php)
-   Miscellaneous (http://www.trekbbs.com/forumdisplay.php?f=19)
-   -   Epsilon Security Breach and Privacy (http://www.trekbbs.com/showthread.php?t=139849)

J. Allen April 4 2011 11:57 PM

Epsilon Security Breach and Privacy
 
If you haven't heard about it yet, Epsilon, a company that stores consumer information, had a huge security breach and millions of email addresses connected with names were exposed to a third party [LINK]

Quote:

In what may be one of the largest digital security breaches in United States history, millions of customer email addresses have been exposed as a result of a breach at Epsilon. BGR reported on Saturday that TiVo customer email adresses had been compromised as a result of unauthorized access to online marketing company Epsilon’s servers. Following that report, several other companies have come forward to confirm that their customers’ email adresses may have been exposed. Those potentially affected include customers enrolled in Best Buy’s Reward Zone program as well as customers of Citigroup, J.P. Morgan Chase, TiVo, Barclays, Walgreens, U.S. Bancorp, Capital One, HSN and College Board, which represents almost 6,000 different U.S. colleges and universities.
Now, as for myself, in the past few days I've received a ton of email notifications from various retailers and financial institutions telling me I should now be wary because of this breach.

Epsilon insists that none of the emails and names were connected to financial data or personal data like social security numbers, but how much of that is certain? At the very least, people on that list will now start getting a lot more spam. This makes me think about privacy, and how much we expect from large companies who are charged with protecting sensitive data. Look at social media sites like Facebook, where every bit of data is gleaned and stored, and then sold to third parties.

People say "don't put your information out there for others to see", and for social sites like Facebook and Myspace, that's true, but for companies like U.S. Bank, Target, Best Buy, collegiate institutions, what do you do there? If these third parties didn't get access to CC# and SS# info, how close were they? How well protected is that information?

As a note, I'd like this to be in Misc instead of Sci/Tech because I'm focusing more on the social aspects of it, not just the technology aspects of it.

So, what are your thoughts?

Nowhere Man April 5 2011 02:18 AM

Re: Epsilon Security Breach and Privacy
 
I think people should be able to sue these companies(I don't know if they can or not) I also think that all of this stuff has gotten out of hand. Maybe some legislation is needed to protect against the "protectors". Who watches the watcher?

Collingwood Nick April 5 2011 02:21 AM

Re: Epsilon Security Breach and Privacy
 
You could sue for negligence .. they would have to prove that they did everything that would be reasonably expected of them to protect the data.

BUT! You haven't sustained a loss and you haven't been harmed. I don't see you getting much of a payout.

J. Allen April 5 2011 05:18 AM

Re: Epsilon Security Breach and Privacy
 
Quote:

Hilbilly Rage wrote: (Post 4862587)
I think people should be able to sue these companies(I don't know if they can or not) I also think that all of this stuff has gotten out of hand. Maybe some legislation is needed to protect against the "protectors". Who watches the watcher?

How would you go about suing them? On what grounds?

Quote:

Collingwood Nick wrote: (Post 4862594)
You could sue for negligence .. they would have to prove that they did everything that would be reasonably expected of them to protect the data.

BUT! You haven't sustained a loss and you haven't been harmed. I don't see you getting much of a payout.

What would you constitute as a loss?

teacake April 5 2011 05:37 AM

Re: Epsilon Security Breach and Privacy
 
Quote:

J. Allen wrote: (Post 4862951)
Quote:

Hilbilly Rage wrote: (Post 4862587)
I think people should be able to sue these companies(I don't know if they can or not) I also think that all of this stuff has gotten out of hand. Maybe some legislation is needed to protect against the "protectors". Who watches the watcher?

How would you go about suing them? On what grounds?

Mental stress and trauma. Breach of trust.

Collingwood Nick April 5 2011 05:40 AM

Re: Epsilon Security Breach and Privacy
 
Quote:

J. Allen wrote: (Post 4862951)
What would you constitute as a loss?

I am not a lawyer. I am sure a good one would find a way to sue. That said, I would have thought either direct financial loss (your money is stolen), damage or loss to your property, or injury to yourself, would be the only things you can sue for. Illusionary things like 'privacy' deserve illusionary payouts.

Nowhere Man April 5 2011 07:09 AM

Re: Epsilon Security Breach and Privacy
 
I'm not a lawyer either, but I'd imagine a class action suite since so many people are involved. Maybe you can sue for damages, breach of trust or contract. Since you are entrusting these companies with your info, you are in a contract with them. They have to be held responsible some how. Maybe there should be and FDIC type thing for this. If it happens enough, hopefully State legislatures will start coming up with something. Like I said, I'm not a lawyer, just throwing ideas out there.

Collingwood Nick April 5 2011 07:13 AM

Re: Epsilon Security Breach and Privacy
 
Me knowing your email address doesn't make it a contract, but me providing you with a service certainly does and whatever the terms and conditions of my looking after your private data is would form part of that contract.

J. Allen April 5 2011 07:38 AM

Re: Epsilon Security Breach and Privacy
 
Quote:

teacake wrote: (Post 4863001)
Mental stress and trauma. Breach of trust.

I could see that. I wonder if it would work?

Quote:

Collingwood Nick wrote: (Post 4863005)
I am not a lawyer. I am sure a good one would find a way to sue. That said, I would have thought either direct financial loss (your money is stolen), damage or loss to your property, or injury to yourself, would be the only things you can sue for. Illusionary things like 'privacy' deserve illusionary payouts.

Privacy isn't supposed to be an illusion. Someone can't tear down your door to your home and enter legally without your express permission.

Quote:

Hilbilly Rage wrote: (Post 4863131)
I'm not a lawyer either, but I'd imagine a class action suite since so many people are involved. Maybe you can sue for damages, breach of trust or contract. Since you are entrusting these companies with your info, you are in a contract with them. They have to be held responsible some how. Maybe there should be and FDIC type thing for this. If it happens enough, hopefully State legislatures will start coming up with something. Like I said, I'm not a lawyer, just throwing ideas out there.

Well, yes and no. There are usually fine print clauses for companies that collect your data and store it in third party servers. An FDIC type service would only work to recover your lost data, it probably wouldn't help in any other way.

Collingwood Nick April 5 2011 07:47 AM

Re: Epsilon Security Breach and Privacy
 
Quote:

J. Allen wrote: (Post 4863168)
Privacy isn't supposed to be an illusion. Someone can't tear down your door to your home and enter legally without your express permission.

One of the benefits of owning property. That's got nothing to do with 'privacy', whatever that is.

J. Allen April 5 2011 07:50 AM

Re: Epsilon Security Breach and Privacy
 
Quote:

Collingwood Nick wrote: (Post 4863175)
Quote:

J. Allen wrote: (Post 4863168)
Privacy isn't supposed to be an illusion. Someone can't tear down your door to your home and enter legally without your express permission.

One of the benefits of owning property. That's got nothing to do with 'privacy', whatever that is.

So can you walk into a women's restroom, while women are present, without being arrested?

Collingwood Nick April 5 2011 08:14 AM

Re: Epsilon Security Breach and Privacy
 
I've done it when the men's room was closed, yes. Might be different in your country. I don't know. What does this have to do with the issue of who has your email address?

J. Allen April 5 2011 08:16 AM

Re: Epsilon Security Breach and Privacy
 
Quote:

Collingwood Nick wrote: (Post 4863211)
I've done it when the men's room was closed, yes. Might be different in your country. I don't know. What does this have to do with the issue of who has your email address?

Gaining access to something in which you are not permitted to gain access. Trespassing. Stealing. Invasion of Privacy. In the U.S., it's protected by the 4th and 5th Amendments to the Constitution.

Collingwood Nick April 6 2011 12:38 AM

Re: Epsilon Security Breach and Privacy
 
You've bought into the cultural delusion that signage matters.

Or are we back to talking about email addresses?

I'll assume you are.

- Gaining access to something in which you are not permitted to gain access.

Way too fuzzy to be illegal.

- Trespassing.

Obtaining a copy of your email address is neither trespass to the person nor to any real property. You can't trespass on intellectual property.

- Stealing.

It would be stealing if I hijack your email address. Merely knowing what it is - no.

- Invasion of Privacy.

Well, if that is law, then it's law. My concern is more that 'privacy' doesn't exist in any real sense. So how can someone invade it?

Goliath April 6 2011 01:49 AM

Re: Epsilon Security Breach and Privacy
 
Quote:

J. Allen wrote: (Post 4862315)
At the very least, people on that list will now start getting a lot more spam.

That's interesting. Just yesterday, I noticed that my Hotmail "Junk" folder seemed to be filling up more quickly than usual.

It might just be coincidence, but it makes you wonder.


All times are GMT +1. The time now is 04:32 PM.

Powered by vBulletin® Version 3.8.6
Copyright ©2000 - 2015, Jelsoft Enterprises Ltd.
FireFox 2+ or Internet Explorer 7+ highly recommended.