Data breach is the Exxon Valdez of privacy

By Michael Fertik
April 6, 2011

Crews clean up the oil-soaked beach on Naked Island in the Prince William Sound on April 2, 1989, after the oil spill caused by the Exxon tanker Valdez. REUTERS/Mike Blake

Michael Fertik is the founder and CEO of Reputation.com, an online privacy and reputation management company. He is a member of the World Economic Forum Agenda Council on Internet Security and recipient of the WEF Technology Pioneer 2011 Award. The opinions expressed are his own.

Last week’s Epsilon data breach is the Exxon Valdez of privacy. It is a wake-up call that it is time to reform our privacy infrastructure from the ground up, much as the Exxon Valdez oil spill of 1989 should have served as the wake-up call to reform our energy delivery infrastructure to prevent disasters like last year’s BP Deepwater Horizon spill.

On Friday, the email marketing firm Epsilon revealed that tens of millions of private names and email addresses were stolen, putting millions of people at risk of fraud. Intruders were able to harvest names and email addresses that belong to customers of companies like Best Buy, Capital One, and J.P. Morgan. Banks and retailers gave this data to Epsilon to run email marketing campaigns. In turn, someone penetrated Epsilon’s security, and was able to download millions of names and addresses, which presumably are being sold on the black market at this very moment.

The immediate result will be literally billions of spam and fraud messages flooding inboxes around the world, many trying to trick users into giving up financial information to scammers. But the real impact of Epsilon is to bring home the dangers of corporate strip-mining of our personal information. Just as the Valdez spill proved that there is no perfectly safe way to transport petroleum, every incident like Epsilon should teach us that there is simply no perfectly safe way to transport and store massive amounts of private data.

Companies like Epsilon store your personal data in huge databases, each containing millions of pieces of personal information. Each of these personal information databases is like a supertanker plying the high seas. When everything goes exactly as planned, there is admittedly little risk. But, if the Exxon Valdez, the Deepwater Horizon, and countless smaller spills have taught us anything, it is that things always deviate from the plan. And no company can possibly foresee every way that data storage can go wrong: a disgruntled employee, a skilled hacker, a sloppy IT staffer, a new attack on web servers, or possibilities that we haven’t thought of yet—there will always be unanticipated flaws and unforeseen shoals.

Each of these data leaks on its own is scary enough, but the real danger comes in the fact that so much of your personal data is already broadcast, purchased and mashed-up all over the Internet. Much of this data exists because marketers want to create more “intelligent” dossiers about consumers, in an attempt to identify all of your desires so that they can pitch the “perfect” products to you.  And, as we live more of our lives online, we inevitably reveal increasingly sensitive information about ourselves. The result is that there may be thousands of databases that hold intensely personal information about you.

As long as these databases exist, we will see a constant flow of data breaches and predictable finger-pointing. Instead, we need real reform to put consumers back in control of their personal information. Reform is more than just changes around the margins of data security standards. Instead, we need to reform online privacy from its core, to stop the sale and storage of massive amounts of personal data in its tracks. This will require a paradigm shift in the way society collects, stores, and uses personal information. Consumers—not companies—should be at the center of the privacy ecosystem. Consumers may choose to grant access to their personal information to companies, but consumers must control it. This change must reach the foundation of all industries, ranging from healthcare, to IT, to government, to media.

Reform must give consumers digital control over their personal data. Imagine that instead of your personal data being copied from one data marketer to another, you could hold it in an encrypted, secure digital vault. The companies you approve can access your personal data as they need it, but they cannot copy and store it in massive databases. You could still opt in to whatever marketing and other services you want, but you will own your data. Your data will not be in countless databases across the Internet. And, unlike a marketing company, you will have every incentive to keep your own data safe and secure.

This system to empower consumers while still allowing desirable data uses can be formed through intelligent collaboration with all stakeholders.  The goal is not (and should not be) to destroy marketing or personalized services: when done right, the Internet has the potential to protect privacy while delivering valuable personalized content and intelligent advertising.  But we must create the conditions for privacy-protective systems to grow if we ever hope to stop the flood of embarrassingly large data breaches. The “Epsilon Valdez” breach revealed millions of names and email addresses; the next breach may involve bank accounts, social security numbers, and more.

Follow Fertik on Twitter: @michaelfertik

3 comments


Thanks for your post, and for helping to keep your readers informed about this breach. In order to defend against this type of attack, businesses can no longer rely on point solutions such as firewalls, IDS/IPS devices, or simple IP reputations. Solutions that can provide deep content inspection to detect embedded attacks across email and Web sessions should also be implemented. This breach also illustrates the importance of ensuring network layer Data Leakage Prevention (DLP) for service providers, in order to prevent the outflow of email addresses. Our company, Wedge Networks, has focused on building such solutions for years, and is leading efforts to prevent the good things from flowing out, and bad things from flowing in.

Posted by HongwenZhang

Nice analogy! Yes, with every passing day, users have more data online, and more importantly, this data is centralized in a few services such as those provided by Google and Facebook. In the past, users' data was distributed across services, and each of these services never ended up having a complete context (name, age, location, relations, friends, etc.) of the user, which meant that loss of data never ended up being very serious. Going forward, a few services having all the data implies that a breach in one place can lead to the loss of a very large, highly contextualized set of the user's data.

Privachi (www.privachi.net), a privacy-centric social network, is an attempt in the direction of putting control back in the user's hands. On Privachi, the user decides where her social data resides (she can pick to have her text updates stored in Yahoo Mail or her Dropbox account or her box.net account, photos stored in a Picasa or Flickr account, and video in a YouTube account), as well as lock her social data in such a manner that the storage provider or Privachi cannot unlock it. Only the user's friends can. The goal is to decentralize storage of users' data so that a breach in one location will imply only limited data loss, without revealing the context of the user.

Posted by privachi

If you have a valid point, it’s buried deep under the FUD.
You wrote:
“someone penetrated Epsilon’s security, and was able to download millions of names and addresses, which presumably are being sold on the black market at this very moment.”

Epsilon has not disclosed raw numbers, so “millions” is clearly a guess. Nobody knows who did it, so “being sold on the black market at this very moment” is nothing but hyperbolic fearmongering.
My home address is in the phone book, so presumably there are burglars driving there at this very moment!

You also wrote:
“The immediate result will be literally billions of spam and fraud messages flooding inboxes around the world”

I agree that this would be one possible result of one of your conjectures, but it’s a huge reach to claim it’s an immediate result of the actual events.

This blog, and the comments written before mine, are all from people with a financial interest in people’s fear-based reactions. How about we hear from someone (anyone!) who’s not going to make a buck from this?

Posted by ColoradoRob
