DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Who should be notifying consumers about the Epsilon breach?

Posted on April 7, 2011 by Dissent

Senator Richard Blumenthal, a staunch consumer privacy advocate, has said that Epsilon should be notifying every consumer whose data were involved in the recent humongous breach. You can read his entire letter to Attorney General Eric Holder requesting an investigation on his web site, but here’s part of what he wrote:

I believe that immediate notification to all customers is vital to protect them – and enable them to protect themselves – from identity theft.

[…]

I believe that affected individuals should be notified and provided with financial data security services, including free access to credit reporting services, for two years, the costs of which should be borne by Epsilon or its affected clients.  I believe it is also necessary to provide every affected individual with sufficient insurance to protect them against possible financial consequences of identity theft.

Who Should Send Us the Notifications?

Should Epsilon be sending us the notifications – as Senator Blumenthal’s letter would seem to suggest – or should the company who gave our data to them be sending us the notifications?

If you have an account with a store and got a branded credit card through World Financial Network National Bank (WFNNB), WFNNB sent you the notification and apology email. They told you that their email was about [name of store where you have an account], but it was their email to you – not the store’s.

So you got the important information to be alert to phishing attempts, but you probably didn’t hear from the store. Are you okay with that? It was WFNNB who had the contract with Epsilon (or so it seems from their notification email text), but whom do you feel you have the relationship with – the store or WFNNB?

Who owes you the apology as well as the information?

And who should be accountable for this? The store or WFNNB – or both?

You trusted the store. They trusted WFNNB. WFNNB trusted Epsilon. But it all started with consumer trust in the store. And I think we need to hold the stores (or hotels or financial institutions) accountable if they want to keep our trust and our business. For that reason, I’ve been including all of their names in the running list of affected entities even though most other sites keeping tabs have not taken this approach and might just list WFNNB.

I’d also point out that on practical and safety levels, even if we had gotten an email from Epsilon (as the Senator urges), would most of us have even opened it, much less believed it – or would we have just looked at the subject line and deleted it as probably spam or a phishing attempt?

What do you think? You can sound off in the Comments section.

Category: Breach Incidents

Post navigation

← VT: Barton employee info may have been compromised
CT Attorney General investigating MidState Medical/Hartford Healthcare breach →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Runsafe report: Medical device cyberattacks threaten patient care, strain budgets, top concern for healthcare sector
  • Ryuk ransomware’s initial access expert extradited to the U.S. from Ukraine
  • Alleged Geisinger hacker will defend himself pro se.
  • Tallahassee Memorial Healthcare reveals it was also impacted by Cerner/Legacy Oracle cyberattack
  • Hospital cyberattack investigation complete, no formal review needed
  • Largest Ever Seizure of Funds Related to Crypto Confidence Scams
  • IMPACT: 170 patients harmed as a result of Qilin’s ransomware attack on NHS vendor Synnovis
  • DOJ’s Data Security Program: Key Compliance Considerations for Impacted Entities
  • UBS reports data leak after cyber attack on provider, client data unaffected
  • Scania confirms insurance claim data breach in extortion attempt

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • DOJ’s Data Security Program: Key Compliance Considerations for Impacted Entities
  • 23andMe fined £2.31 million for failing to protect UK users’ genetic data
  • DOJ Seeks More Time on Tower Dumps
  • Your household smart products must respect your privacy – including your air fryer
  • Vermont signs Kids Code into law, faces legal challenges
  • Data Categories and Surveillance Pricing: Ferguson’s Nuanced Approach to Privacy Innovation
  • Anne Wojcicki Wins Bidding for 23andMe

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.