Marketing’s Weekly Dose of the Truth

Ken Magill


Considering Dumping Your Breached ESP? Don't be an Idiot


By Ken Magill

“E-mail services firm Epsilon will face years of repercussions and up to $225 million in total costs as a result of its recent data breach,” said a press release put out last week by self-described “cyber risk analytics and intelligence company” CyberFactors.

Years of repercussions? Seriously?

Never mind that CyberFactors doesn’t have access to any of the facts necessary to draw such a conclusion. Let’s give the firm the benefit of the doubt and use its announcement as a leaping-off point into a more important discussion.

According to CyberFactors: “Loss of revenue related to customer churn as part of the Epsilon breach fallout could range from $6.1 million if just 1 percent of customers left, to $30.7 million if there were 5 percent churn.”

I have a message for any firm whose executives are considering leaving Epsilon as a result of its recent well-publicized breach: Don’t be an idiot.

While you may think Epsilon has been unacceptably sloppy and should lose your business, in the wake of its data breach, there is probably no ESP more focused on the security of your files than Epsilon.

There are certainly some as focused—Silverpop, which also has had some bad, breach-related publicity, comes to mind—but none are more focused.

If you think this is an Epsilon problem, stop kidding yourself. It’s an industry problem. If you move to another ESP, you will have spent your time and money signing on and integrating with a vendor just as under attack as Epsilon.

Epsilon has simply been one of the unfortunate few that had its breach made public.

Rather than blame Epsilon, you should be working with its executives to do whatever needs to be done to defend against the breaches.

Also, I’ve been hearing of ESPs experiencing pushback from clients who have been asked to perform a few extra security-related steps. I have a message for those clients, as well: Don’t be an idiot.

Anyone who has been in business for any length of time knows that some clients live to abuse vendors. Vendor abuse for the sake of vendor abuse is always inappropriate. On this particular issue, it is wildly inappropriate.

As of this writing there have been no reported Epsilon-breach-related phishing attacks or spam.

Punishing one company for an industry-wide issue that so far has had no discernable effect would be just plain stupid.



Posted by: Ken Magill
Date: 2011-05-11 08:33:29
Subject: Epsilon-breach-related attack

Correction: As of this writing, there's been one reported Epsilon-related phishing attempt. One. And not necessarily by whoever committed the breach.

Posted by: Georgia Christian @mailblaze
Date: 2011-05-11 04:34:22

Agreed, thanks for putting it into perspective.

Posted by: Pete Austin @MarketingXD
Date: 2011-05-11 03:36:53
Subject: Reported Epsilon-breach-related phishing attacks

"Just days after millions of customers' email addresses were stolen in one of the largest data breaches in U.S. history, the Better Business Bureau is seeing one of the first Epsilon data breach phishing scams."

"Websense warned last week of an attack targeting consumers affected by the Epsilon breach. The phishing or fake Epsilon website looks like the official Epsilon website, and presents a bogus press release update that tries to get unsuspecting consumers to download a file that contains malware."

Search Google for the following to see more: Epsilon breach phishing