I’m Getting E-Mails From Epsilon’s Clients. Are You?

On Friday, marketing company Epsilon announced that an unknown third party had broken into its e-mail system and gained access to the names and e-mail addresses of some of the companies which Epsilon performs services for. And so, over the past few days, Epsilon clients have been sending e-mail to their customers alerting them to the breach and its potential consequences.

I got this email from TiVo on Saturday:

And here’s one I got from Marriott today (despite the date):

I’m not sure why Marriott took longer to alert me to the news, or why it seems more confident than TiVo that I’m unlikely to suffer as a result of the breach. (Marriott says “in all likelihood” I won’t be impacted, and artfully tells me to worry about phishing spam without accepting culpability for any I might get; TiVo says there’s a chance the breach will lead to spam.)

At least both TiVo and Marriott apologize in their messages. Epsilon, whose slogan is the unfortunate “Marketing as Usual, Not a Chance,” doesn’t express any regret in its press release about the leak. Nor does it tell us consumers about any steps we should take in response to the break-in.

(I find it interesting that Epsilon’s About Us page does lots of bragging–but doesn’t say anything about protecting the data of the consumers who are customers of Epsilon’s clients. It might want to revise its boilerplate at some point.)

Epsilon says that only about two percent of its clients’ information was leaked, but judging from the chatter among my Twitterfriends, that two percent still adds up to a lot of customers of a lot of very large companies:

Have you received any Epsilon-related messages from companies you do business with?

UPDATE: I got an e-mail from 1-800-Flowers, too, but it got stuck in my spam filter. Here it is:




  1. Keith Shaw April 5, 2011 at 11:19 am #

    We've received e-mail from Disney Destinations, one of the companies affected.

  2. wrenegade April 5, 2011 at 11:20 am #

    Walgreens, Target and Wells Fargo

  3. Kay April 5, 2011 at 11:41 am #

    CollegeBoard. Seriously.

  4. Rob April 5, 2011 at 11:41 am #

    Got notice about Epsilon from bodybuilding.com

  5. Otto Nordpol April 5, 2011 at 11:51 am #

    Forget it Harry, it's Chinatown (in the 1974 Roman Polanski movie sense of the word). I.e. normal standards of product/service warrantability and liability don't apply because it has something to do with computers. Why else do we tolerate shoddy software, computers that crash, and services that issue a supercilious "My bad." anytime someone hacks into customer data? Price of progress, right?

  6. The_Heraclitus April 5, 2011 at 11:59 am #

    Haven't received anything. Amazing that Epsilon's CIO has no clue about securing data at rest.

  7. traveller April 5, 2011 at 1:11 pm #

    I got a note from Best Buy and Chase – but interesting, though BarClays is listed in the ones affected, I got no letter at all from them.

  8. GadgetGav April 5, 2011 at 1:24 pm #

    I've had the one from TiVo. My wife has had many more.
    What's gets me is that we thought we were signing up with these separate companies who we wanted to do business with and behind the scenes they were just handing it all off to some third party that normally we'd never get to hear about. I know it's naive to think that anyone does their own back office stuff these days, but it should be the frontline companies (TiVo, Marriott, Target, etc) who are on the hook for any customer compensation. They picked a flaky marketing "partner" – they should have to make good any mistakes.

  9. Jose April 5, 2011 at 1:59 pm #

    I got an email from Citi about this.

  10. Lino April 5, 2011 at 9:14 pm #

    air miles as well

  11. Paul Vessey January 17, 2012 at 3:26 pm #

    Everyday there seems to be more and more breaches.

  12. Paul Vessey January 18, 2012 at 7:38 pm #

    This is a good example of reputation management done right and done wrong. In an event of an unauthorized access to a company's data, they need to inform their clients and customers as soon as possible. Failure to address their concerns could lead to a PR nightmare.