With all due apologies to Emily Litella:
What’s all this I hear about the threat of pier fishing? Some Greek company has a problem with a beach, and now we’re worried about pier fishing?
I’ve been fishing off piers all my life. Americans have been pier fishing for generations, and I’m not going to stop now.
What’s that you say? It’s a threat of “spear phishing”? Never mind.
Is it OK to joke about the Epsilon email address breach?
On one hand, I realize this is a very serious topic to some, and that some (many?) people are worried about their email address falling into the wrong hands.
But on the other hand, my email address (more accurately: a number of my email addresses) has been in the wrong hands for quite a while now. I get phishing email and spam — as I’m sure you do — every day, and I have no idea how the senders got my email address in the first place.
What baffles me about the furor over the Epsilon breach is that most of us are OK having our addresses and telephone numbers made publicly available, but we’re outraged if our email address falls in the wrong hands?
Mind you, if we were talking about bank account information, credit/debit card information, or purchase history, this would be a different story.
And I realize that there’s an argument that the perpetrator of the breach might be able to piece together certain data points that would make their phishing attempts more lethal.
But there’s actually no evidence that those “certain data points” were acquired by the perpetrator. And, honestly now, until these phishers learn how to speak English gooder, I’m not falling for their attempts.
There are other things that I’ve seen regarding the breach that I would take issue with, as well:
1. American Banker ran an article titled Banks Awakening to Dangers of Email After Epsilon Breach. That’s not accurate. Banks are not “awakening” to these dangers — they’ve been well aware of them for years.
2. Other articles claim (or speculate) that Epsilon will see client defections as a result of the breach. I don’t think that’s going to happen, and if it does, it shouldn’t. Do you notice how none of Epsilon’s competitors are trying to make hay out of this? Because they know damn well that they could be next.
3. There are also experts out there who believe that the breach should impact future service level agreements. Bad idea. That’s what we have insurance policies for. An email service provider can only be expected to take reasonable steps to protect the data. If those steps are followed, but fall prey to outside predators, it’s wrong to penalize the service provider.