Story URL: http://news.medill.northwestern.edu/chicago/news.aspx?id=184230
Story Retrieval Date: 5/20/2013 12:10:52 PM CST
Lauren Daniels/ MEDILL
In the past few days, Wicker Park resident Ashley Richardson received eight emails from companies she does business with, notifying her that her email address had been accessed without her consent.
“It makes me really nervous,” Richardson said. “Strangers now have access to my personal email account. I’m going to deactivate it.”
News of hackers stealing the personal information databases has become fairly routine. The March 30 breach at Epsilon, a subsidiary of Alliance Data Systems Corp. may be the largest to date. Epsilon reported unauthorized access to client data in its email system. Epsilon is a third-party vendor used by companies including Walgreen Co. and J.P. Morgan Chase & Co to send email marketing messages, as many as 40 billion a year.
“A lot of Internet users don’t even know that their data is at a service provider. They’ve given their email address to a brand that they have trusted with it,” said email marketing expert Dennis Dayman.
Epsilon said that the information obtained from the breach was limited to customer names and email addresses. Walgreen, Capital One, Marriott International Inc. and other affected companies have done little more than encourage holders of potentially breached email accounts to be cautious of email schemes that ask for personal or sensitive information.
“We have always known that email addresses are a treasure trove for hackers and spammers,” Dayman said. With the Epsilon breach, senders of phishing schemes know that certain people bank at J.P. Morgan Chase or shop at Walgreens, allowing them to send a more targeted, personalized phishing scheme to that consumer.
Once personal information has been breached, there is little an individual consumer can do. Michael Fertik, founder and CEO of Reputation.com, recommends all Internet users take simple actions to lessen the risk of falling subject to another email breach.
“You want to use multiple email address for different parts of your life,” Fertik said. “That way if one email address is compromised, the others remain safe.” Fertik also recommends that consumers browse the Internet in privacy mode.
Dayman warns that the threat to consumer information will not be short-lived. Email accounts can be vulnerable, “not just for this week, but the next two to five years.”
For Richardson the email breach has an even stronger effect: “in the future I’ll make sure the box to sign up for emails stays unchecked.”
Some consumers say that this breach won’t affect them. They don’t share their email addresses with anyone, not even for 40 percent off any one item.