Return of the Guru

Epsilon Breach: If the Blast Didn’t Get You, the Fallout Will

Ara Trembly
Insurance Experts' Forum, April 4, 2011

Maybe I’m just becoming jaded about the fact that we are losing the security battle to the criminal element, but I have to admit that the recently reported data breach at third-party marketer Epsilon did not at all come as a surprise.

As reported online in PC Magazine, the breach has exposed the e-mail addresses and names of customers at major credit-card issuers, Best Buy, TiVo, and more—“potentially leaving users open to phishing attacks.” An unauthorized entry into Epsilon's e-mail system occurred on March 30, the company said in a statement.

The good news for our industry is that no insurers were named on the list of compromised parties. (Editor’s note: Epsilon would not confirm this when contacted by INN—click here for more coverage.) The bad news is that a slew of banks and financial services firms are involved, and it would be foolish to believe that some of those problems won’t affect the insurance environment. Among such firms named were JPMorgan Chase, Citi, and Capital One. 

According to Epsilon, the exposed information was “limited” to e-mail addresses and/or customer names. That sounds pretty tame. Then again, wonders whether or not this might be “the biggest breach ever.” In fact, the piracy of names and e-mail addresses is quite a serious matter because while that information by itself may be of limited use, it can be of tremendous help to criminals who can already mine lots of personal data on individuals from their social networking site profiles and postings—data that is disturbingly easy to find online.

Of course, phishing attacks are one danger, but this unintended loss of personal data also makes it more likely that identities will be stolen, bank accounts will be pilfered and credit fraud will see an increase. If yours is a firm involved with insurance against such events, you can also expect to see an uptick in claims.

To be sure, using the pilfered information to commit crimes will require some work on the part of criminals but it seems to me that the huge profits to be generated for such individuals/syndicates, as well as the extremely low probability of being caught, would be more than enough incentive. The question is: Are we willing to work as hard on protecting customer information and/or the systems that hold such data? Regrettably, as I mentioned in my last posting about insurer reluctance to spend on anti-fraud technology, I fear we will see even such a major event as Epsilon as a routine cost of doing business. 

So we will yawn and write off the losses. Yet for our customers, and indeed for ourselves as private citizens, such losses may not be so easily written off. And don’t we have a duty to protect our valued customers from the inevitable premium increases that will occur as this kind of crime continues to spread like a deadly disease?

I have to commend Epsilon and many of the affected firms for quickly notifying authorities and their own customers about the danger of this security breach. In the past, others have not been nearly as willing to inform those who would be affected.

The blast from this event may not be so damaging at first, but the fallout has the potential to make that “biggest ever” characterization a reality. I have no doubt that this kind of breach will become increasingly common. It is my fervent hope, however, that we do not become increasingly unaffected by these criminal acts to the point where we plant our heads firmly in the ground and await the inevitable blow to our hindquarters.

Ara C. Trembly ( is the founder of Ara Trembly, The Tech Consultant, and a longtime observer of technology in insurance and financial services.

Readers are encouraged to respond to Ara using the “Add Your Comments” box below. He can also be reached at

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on do not necessarily reflect those of Insurance Networking News.

Comments (1)

Last week hackers broke in to the database of Epsilon, a web marketing firm. The data security breach at Epsilon put millions of consumer names and addresses in the possession of cybercriminals. Companies doing business with Epsilon started warning consumers Monday to be on the alert for phishing emails trying to steal financial institution account numbers and other personal information. Here is the proof: Epsilon database hack exposes million to phishing attacks

Posted by: Edwin G | April 7, 2011 1:48 AM

Report this Comment

Add Your Comments...

Already Registered?

If you have already registered to Insurance Networking News, please use the form below to login. When completed you will immeditely be directed to post a comment.

Forgot your password?

Not Registered?

You must be registered to post a comment. Click here to register.

Blog Archive

How Insurers Can Develop Thoroughly Modern Mainframes

The user experience can make or break an application. Here are five ways to measure whether itís positive or negative.

The Peer-to-Peer Economy and the Uberization of Insurance

Insurance is about risk sharing, so what better model to bring in technology and make that risk sharing as efficient and effective as possible?

Rethinking Commercial Lines Underwriting Automation

The value an insurer can achieve from the powerful combination of a modern policy system and a complete suite of advanced underwriting solutions will far outweigh any effort involved.

Students are Pushed to Look Past Obstacles, and so Should We

Student teams, in the space of a few weeks, developed a variety of fresh ideas leveraging unique technologies that could help build products and services for insurance customers.

The Best Policy Administration System I Have Ever Seen

So many systems we view look like they screens were designed by a programmer and, worse, could only be used by a programmer.

Living with the Internet of Things (and crowd funding)

The Internet of Things has itís teething problems.