Return of the Guru

Epsilon Breach: If the Blast Didn’t Get You, the Fallout Will

Ara Trembly
Insurance Experts' Forum, April 4, 2011

Maybe I’m just becoming jaded about the fact that we are losing the security battle to the criminal element, but I have to admit that the recently reported data breach at third-party marketer Epsilon did not at all come as a surprise.

As reported online in PC Magazine, the breach has exposed the e-mail addresses and names of customers at major credit-card issuers, Best Buy, TiVo, and more—“potentially leaving users open to phishing attacks.” An unauthorized entry into Epsilon's e-mail system occurred on March 30, the company said in a statement.

The good news for our industry is that no insurers were named on the list of compromised parties. (Editor’s note: Epsilon would not confirm this when contacted by INN—click here for more coverage.) The bad news is that a slew of banks and financial services firms are involved, and it would be foolish to believe that some of those problems won’t affect the insurance environment. Among such firms named were JPMorgan Chase, Citi, and Capital One. 

According to Epsilon, the exposed information was “limited” to e-mail addresses and/or customer names. That sounds pretty tame. Then again, wonders whether or not this might be “the biggest breach ever.” In fact, the piracy of names and e-mail addresses is quite a serious matter because while that information by itself may be of limited use, it can be of tremendous help to criminals who can already mine lots of personal data on individuals from their social networking site profiles and postings—data that is disturbingly easy to find online.

Of course, phishing attacks are one danger, but this unintended loss of personal data also makes it more likely that identities will be stolen, bank accounts will be pilfered and credit fraud will see an increase. If yours is a firm involved with insurance against such events, you can also expect to see an uptick in claims.

To be sure, using the pilfered information to commit crimes will require some work on the part of criminals but it seems to me that the huge profits to be generated for such individuals/syndicates, as well as the extremely low probability of being caught, would be more than enough incentive. The question is: Are we willing to work as hard on protecting customer information and/or the systems that hold such data? Regrettably, as I mentioned in my last posting about insurer reluctance to spend on anti-fraud technology, I fear we will see even such a major event as Epsilon as a routine cost of doing business. 

So we will yawn and write off the losses. Yet for our customers, and indeed for ourselves as private citizens, such losses may not be so easily written off. And don’t we have a duty to protect our valued customers from the inevitable premium increases that will occur as this kind of crime continues to spread like a deadly disease?

I have to commend Epsilon and many of the affected firms for quickly notifying authorities and their own customers about the danger of this security breach. In the past, others have not been nearly as willing to inform those who would be affected.

The blast from this event may not be so damaging at first, but the fallout has the potential to make that “biggest ever” characterization a reality. I have no doubt that this kind of breach will become increasingly common. It is my fervent hope, however, that we do not become increasingly unaffected by these criminal acts to the point where we plant our heads firmly in the ground and await the inevitable blow to our hindquarters.

Ara C. Trembly ( is the founder of Ara Trembly, The Tech Consultant, and a longtime observer of technology in insurance and financial services.

Readers are encouraged to respond to Ara using the “Add Your Comments” box below. He can also be reached at

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on do not necessarily reflect those of Insurance Networking News.

Comments (1)

Last week hackers broke in to the database of Epsilon, a web marketing firm. The data security breach at Epsilon put millions of consumer names and addresses in the possession of cybercriminals. Companies doing business with Epsilon started warning consumers Monday to be on the alert for phishing emails trying to steal financial institution account numbers and other personal information. Here is the proof: Epsilon database hack exposes million to phishing attacks

Posted by: Edwin G | April 7, 2011 1:48 AM

Report this Comment

Add Your Comments...

Already Registered?

If you have already registered to Insurance Networking News, please use the form below to login. When completed you will immeditely be directed to post a comment.

Forgot your password?

Not Registered?

You must be registered to post a comment. Click here to register.

Blog Archive

In the Big Data Era, Storage is More than 'Just' Hardware

For on-premises needs, the latest technologies, including flash, solid state drives, and in-memory computing offer new ways to provide rapid access to new data.

Core Transformation – The Ultimate Balancing Act

The core transformation journey requires companies to shift from reactive to proactive business models, incorporating maturing and emerging technologies, customizing and personalizing products, and accelerating speed to market while providing improved customer service.

Wearables Poised to Reshape Insurer-Insured Relationship

Boosted by the impending release of the Apple Watch, wearable devices have received a fair amount of attention recently Ė and with good reason. This emergent technology has the potential to alter the way the health insurance industry operates on a fundamental level.

Despite Valiant Efforts, Insurers' Consumer Ratings Drop

Insurers also are confronting waves of disruptive changes, including big data analytics, an aging population, ongoing economic uncertainty and the growing frequency and severity of natural disasters, which threaten to challenge and undermine businesses.

Why You Can't Take a Wrecking Ball to Your Legacy System

If you think of enterprises like collections of neighborhoods that need to be nurtured, you quickly see that architecture, not obliteration, is the key.

The Apple Bounce: Are Wearables Truly this Big?

I just donít believe it; only 720,000 Androidwear watches were sold in 2014. Apple has been amazingly successful in so many markets. Were they always first? No, a lot of products before. Were they always best? Again, no, superior devices have fallen.