Okay, Chicken Littles; Admit You Were Wrong
By Ken Magill
Man, do I hate saying: “I told you so.”
Actually, who am I kidding? I absolutely love saying: “I told you so.”
I love saying “I told you so” so much that there is a major political issue on which me and most of my family and friends disagree—which I won’t detail here—about which I have said I will manage my diabetes just well enough so I live long enough to say: “I friggin’ told you so.”
I could be falling over into a diabetic coma with my kidneys rolling out the bottoms of my pant legs, but if I can manage to get the words “I told you so” past my lips, I’ll slip away a happy man.
On March 30 last year, executives at marketing services provider Epsilon discovered that someone had gained unauthorized access to some of their clients’ data.
As a result of the unauthorized access, Epsilon’s clients began sending their customers emails informing them of the breach.
Clients affected included dozens of household-name brands from Walgreens to Disney. As the warnings piled up, the Internet’s tech press went bananas.
One headline went so far as to compare the incident to Japan’s Fukushima nuclear meltdown.
A tech writer emailed me to ask if I thought another well-known breached email service provider would still be around in a year.
The Twittersphere went predictably crazy.
The Coalition Against Unsolicited Commercial Email even went so far as to imply consumers should sue Epsilon—all over a bunch of stolen email addresses.
In all the hysteria and silliness that was written following the Epsilon breach, one level-headed assessment stood out—a blog post by Steve Atkins on Word to the Wise headlined: “Epsilon—Keep Calm and Carry On.”
So what happened as a result of the breach? Apparently not much.
Epsilon’s parent, Alliance Data Systems, addressed the breach in its annual report published in February: “On March 30, 2011, an incident was detected where a subset of Epsilon clients’ customer data was exposed by an unauthorized entry into Epsilon’s email system. The information obtained was limited to email addresses and/or customer names only. Client marketing campaigns were restarted and Epsilon’s email volumes have not been, and are not expected to be, significantly impacted. While Epsilon has historically adhered to industry best practices with respect to the security and procedures surrounding access to its email system, Epsilon continues to evaluate and implement enhanced security measures and procedures as the threats inherent in the cyber landscape evolve. We have also not incurred, and do not expect we will incur, any significant costs arising from the incident.”
On April 19, Alliance Data Systems reported Epsilon’s revenue for the first quarter of 2012 increased $72.2 million, or 46 percent, to $227.9 million.
“Excluding the Aspen Marketing Services (Aspen) acquisition completed May 31, 2011, revenue growth was approximately 5 percent compared to the first quarter of 2011,” the report said.
So while Epsilon in and of itself isn’t experiencing double-digit growth, it is far from imploding as some last year believed would happen.
And what of the spear-phishing attacks some predicted would occur as a result of the breach? It’s difficult to believe they happened in any significant volume and went unreported.
While I didn’t make any predictions on what might result from Epsilon’s breach—I don’t make predictions as a rule—I rightfully labeled others’ reactions, particularly CAUCE’s, as unhinged.
As it’s been over a year, I think it’s safe to say now: “I told you so.”