Return of the Guru

Epsilon Breach: If the Blast Didn’t Get You, the Fallout Will

Ara Trembly
Insurance Experts' Forum, April 4, 2011

Maybe I’m just becoming jaded about the fact that we are losing the security battle to the criminal element, but I have to admit that the recently reported data breach at third-party marketer Epsilon did not at all come as a surprise.

As reported online in PC Magazine, the breach has exposed the e-mail addresses and names of customers at major credit-card issuers, Best Buy, TiVo, and more—“potentially leaving users open to phishing attacks.” An unauthorized entry into Epsilon's e-mail system occurred on March 30, the company said in a statement.

The good news for our industry is that no insurers were named on the list of compromised parties. (Editor’s note: Epsilon would not confirm this when contacted by INN—click here for more coverage.) The bad news is that a slew of banks and financial services firms are involved, and it would be foolish to believe that some of those problems won’t affect the insurance environment. Among such firms named were JPMorgan Chase, Citi, and Capital One. 

According to Epsilon, the exposed information was “limited” to e-mail addresses and/or customer names. That sounds pretty tame. Then again, Bankinfosecurity.com wonders whether or not this might be “the biggest breach ever.” In fact, the piracy of names and e-mail addresses is quite a serious matter because while that information by itself may be of limited use, it can be of tremendous help to criminals who can already mine lots of personal data on individuals from their social networking site profiles and postings—data that is disturbingly easy to find online.

Of course, phishing attacks are one danger, but this unintended loss of personal data also makes it more likely that identities will be stolen, bank accounts will be pilfered and credit fraud will see an increase. If yours is a firm involved with insurance against such events, you can also expect to see an uptick in claims.

To be sure, using the pilfered information to commit crimes will require some work on the part of criminals but it seems to me that the huge profits to be generated for such individuals/syndicates, as well as the extremely low probability of being caught, would be more than enough incentive. The question is: Are we willing to work as hard on protecting customer information and/or the systems that hold such data? Regrettably, as I mentioned in my last posting about insurer reluctance to spend on anti-fraud technology, I fear we will see even such a major event as Epsilon as a routine cost of doing business. 

So we will yawn and write off the losses. Yet for our customers, and indeed for ourselves as private citizens, such losses may not be so easily written off. And don’t we have a duty to protect our valued customers from the inevitable premium increases that will occur as this kind of crime continues to spread like a deadly disease?

I have to commend Epsilon and many of the affected firms for quickly notifying authorities and their own customers about the danger of this security breach. In the past, others have not been nearly as willing to inform those who would be affected.

The blast from this event may not be so damaging at first, but the fallout has the potential to make that “biggest ever” characterization a reality. I have no doubt that this kind of breach will become increasingly common. It is my fervent hope, however, that we do not become increasingly unaffected by these criminal acts to the point where we plant our heads firmly in the ground and await the inevitable blow to our hindquarters.

Ara C. Trembly (www.aratremblytechnology.com) is the founder of Ara Trembly, The Tech Consultant, and a longtime observer of technology in insurance and financial services.

Readers are encouraged to respond to Ara using the “Add Your Comments” box below. He can also be reached at ara@aratremblytechnology.com.

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on www.insurancenetworking.com do not necessarily reflect those of Insurance Networking News.

Comments (1)

Last week hackers broke in to the database of Epsilon, a web marketing firm. The data security breach at Epsilon put millions of consumer names and addresses in the possession of cybercriminals. Companies doing business with Epsilon started warning consumers Monday to be on the alert for phishing emails trying to steal financial institution account numbers and other personal information. Here is the proof: Epsilon database hack exposes million to phishing attacks

Posted by: Edwin G | April 7, 2011 1:48 AM

Report this Comment

Add Your Comments...

Already Registered?

If you have already registered to Insurance Networking News, please use the form below to login. When completed you will immeditely be directed to post a comment.

Forgot your password?

Not Registered?

You must be registered to post a comment. Click here to register.

Blog Archive

It’s Okay to Take a Breather from the Technology Maelstrom

Even in technology, good things may take time.

Customers for Life

Insurers once had a monopoly on lifetime customers, but technology has changed the game.

Smarter Tablet Use Could Transform Insurance

By reducing administrative tasks and automating paperwork, tablets can increase agentsí selling time and help them respond to customers in seconds, not hours.

Insurance Wake-Up Call: Embrace the Shared Economy Opportunities

SMA believes that insurers must embrace a "shared economy," crowdsourcing and open innovation to get ahead in the new marketplace.

The Lion and the Mouse: Start-ups Pitch to Top Insurer

Insurers should be on the lookout for innovative partnership arrangements that produce unique and valuable solutions.

Silicon Valley Ventures

A trip to area hotbed of technological innovation calls into question the potential viability of insurers' legacy systems, operations and processes.