Epsilon Security Breach and Privacy

Discussion in 'Miscellaneous' started by Coloratura, Apr 4, 2011.

  1. Coloratura

    Coloratura Snuggle Princess Premium Member

    Joined:
    Dec 25, 2002
    Location:
    Ohio, USA
    If you haven't heard about it yet, Epsilon, a company that stores consumer information, had a huge security breach and millions of email addresses connected with names were exposed to a third party [LINK]

    Now, as for myself, in the past few days I've received a ton of email notifications from various retailers and financial institutions telling me I should now be wary because of this breach.

    Epsilon insists that none of the emails and names were connected to financial data or personal data like social security numbers, but how much of that is certain? At the very least, people on that list will now start getting a lot more spam. This makes me think about privacy, and how much we expect from large companies who are charged with protecting sensitive data. Look at social media sites like Facebook, where every bit of data is gleaned and stored, and then sold to third parties.

    People say "don't put your information out there for others to see", and for social sites like Facebook and Myspace, that's true, but for companies like U.S. Bank, Target, Best Buy, collegiate institutions, what do you do there? If these third parties didn't get access to CC# and SS# info, how close were they? How well protected is that information?

    As a note, I'd like this to be in Misc instead of Sci/Tech because I'm focusing more on the social aspects of it, not just the technology aspects of it.

    So, what are your thoughts?
     
  2. Nowhere Man

    Nowhere Man Commodore

    Joined:
    Nov 19, 2007
    Location:
    Nowhere Land
    I think people should be able to sue these companies(I don't know if they can or not) I also think that all of this stuff has gotten out of hand. Maybe some legislation is needed to protect against the "protectors". Who watches the watcher?
     
  3. Collingwood Nick

    Collingwood Nick Vice Admiral Admiral

    Joined:
    Jan 28, 2002
    You could sue for negligence .. they would have to prove that they did everything that would be reasonably expected of them to protect the data.

    BUT! You haven't sustained a loss and you haven't been harmed. I don't see you getting much of a payout.
     
  4. Coloratura

    Coloratura Snuggle Princess Premium Member

    Joined:
    Dec 25, 2002
    Location:
    Ohio, USA
    How would you go about suing them? On what grounds?

    What would you constitute as a loss?
     
  5. teacake

    teacake Fleet Admiral Admiral

    Joined:
    Jan 20, 2007
    Location:
    inside teacake
    Mental stress and trauma. Breach of trust.
     
  6. Collingwood Nick

    Collingwood Nick Vice Admiral Admiral

    Joined:
    Jan 28, 2002
    I am not a lawyer. I am sure a good one would find a way to sue. That said, I would have thought either direct financial loss (your money is stolen), damage or loss to your property, or injury to yourself, would be the only things you can sue for. Illusionary things like 'privacy' deserve illusionary payouts.
     
  7. Nowhere Man

    Nowhere Man Commodore

    Joined:
    Nov 19, 2007
    Location:
    Nowhere Land
    I'm not a lawyer either, but I'd imagine a class action suite since so many people are involved. Maybe you can sue for damages, breach of trust or contract. Since you are entrusting these companies with your info, you are in a contract with them. They have to be held responsible some how. Maybe there should be and FDIC type thing for this. If it happens enough, hopefully State legislatures will start coming up with something. Like I said, I'm not a lawyer, just throwing ideas out there.
     
  8. Collingwood Nick

    Collingwood Nick Vice Admiral Admiral

    Joined:
    Jan 28, 2002
    Me knowing your email address doesn't make it a contract, but me providing you with a service certainly does and whatever the terms and conditions of my looking after your private data is would form part of that contract.
     
  9. Coloratura

    Coloratura Snuggle Princess Premium Member

    Joined:
    Dec 25, 2002
    Location:
    Ohio, USA
    I could see that. I wonder if it would work?

    Privacy isn't supposed to be an illusion. Someone can't tear down your door to your home and enter legally without your express permission.

    Well, yes and no. There are usually fine print clauses for companies that collect your data and store it in third party servers. An FDIC type service would only work to recover your lost data, it probably wouldn't help in any other way.
     
  10. Collingwood Nick

    Collingwood Nick Vice Admiral Admiral

    Joined:
    Jan 28, 2002
    One of the benefits of owning property. That's got nothing to do with 'privacy', whatever that is.
     
  11. Coloratura

    Coloratura Snuggle Princess Premium Member

    Joined:
    Dec 25, 2002
    Location:
    Ohio, USA
    So can you walk into a women's restroom, while women are present, without being arrested?
     
  12. Collingwood Nick

    Collingwood Nick Vice Admiral Admiral

    Joined:
    Jan 28, 2002
    I've done it when the men's room was closed, yes. Might be different in your country. I don't know. What does this have to do with the issue of who has your email address?
     
  13. Coloratura

    Coloratura Snuggle Princess Premium Member

    Joined:
    Dec 25, 2002
    Location:
    Ohio, USA
    Gaining access to something in which you are not permitted to gain access. Trespassing. Stealing. Invasion of Privacy. In the U.S., it's protected by the 4th and 5th Amendments to the Constitution.
     
  14. Collingwood Nick

    Collingwood Nick Vice Admiral Admiral

    Joined:
    Jan 28, 2002
    You've bought into the cultural delusion that signage matters.

    Or are we back to talking about email addresses?

    I'll assume you are.

    - Gaining access to something in which you are not permitted to gain access.

    Way too fuzzy to be illegal.

    - Trespassing.

    Obtaining a copy of your email address is neither trespass to the person nor to any real property. You can't trespass on intellectual property.

    - Stealing.

    It would be stealing if I hijack your email address. Merely knowing what it is - no.

    - Invasion of Privacy.

    Well, if that is law, then it's law. My concern is more that 'privacy' doesn't exist in any real sense. So how can someone invade it?
     
  15. Goliath

    Goliath Vice Admiral Admiral

    Joined:
    Aug 20, 2003
    Location:
    The Fifth Dimension
    That's interesting. Just yesterday, I noticed that my Hotmail "Junk" folder seemed to be filling up more quickly than usual.

    It might just be coincidence, but it makes you wonder.
     
  16. Coloratura

    Coloratura Snuggle Princess Premium Member

    Joined:
    Dec 25, 2002
    Location:
    Ohio, USA
    Privacy is protected under the 4th and 5th amendments to the U.S. Constitution. Epsilon is a U.S. company. Data storage is a vital part of commerce, and it all comes down to trust. Epsilon is trusted to keep private data safe, particularly if it's third party processing data that involves credit cards and home addresses. The reason this is a concern, is because while Epsilon states no personal ID was stolen, how can I trust that to be so?

    I also strongly disagree that you can't trespass on intellectual property. You can. It's called "plagiarism" and "infringement".


    I wouldn't doubt it has something to do with that. Epsilon stores massive numbers of email addresses along with other processing information. I just got an email from Walgreens this afternoon. This makes number 9 for me regarding this issue with Epsilon. My spam folder has tripled it's normal storage since the other day.
     
  17. Sephiroth

    Sephiroth Vice Admiral Admiral

    Joined:
    Jul 15, 2004
    Location:
    Sephiroth
    my question is who got the addresses and what is the DOJ doing to track them down?
     
  18. Coloratura

    Coloratura Snuggle Princess Premium Member

    Joined:
    Dec 25, 2002
    Location:
    Ohio, USA
    That's a good question. I hope we hear an answer soon.
     
  19. Holdfast

    Holdfast Fleet Admiral Admiral

    Joined:
    Feb 19, 2000
    Location:
    17 Cherry Tree Lane
    I got an email from Hilton, telling me their database was managed by Epsilon and may have been compromised by this breach. That's the only email I've had about it. I haven't noticed an upswing in spam, at least not yet. Fingers crossed I got lucky.

    Funny thing is, I haven't even stayed in one of their mediocre hotels for years, but I guess my email is still on their HHonors database. I wonder if I have any points left after this time; IIRC they got removed after a year or so, so I'm surprised my account hasn't been wiped. Probably been busted all the way back down to Blue instead. :lol:

    As long as only email addresses have been accessed, I can't say I'm too bothered.