Epsilon Breach, Security and Communications Key for CUs
Following the breach at the marketing firm, credit unions will need to communicate effectively with members, even if the organization’s data was not directly compromised.
April 7, 2011
The marketing data and technology firm Epsilon announced last Friday that its email system had been breach, giving hackers access to consumers’ names and/or email addresses.
In a statement, the Texas-based company asserted that no other personal identifiable information associated with those names was at risk from the “unauthorized entry” to its email system. Epsilon, which sends over 40 billion emails annually, is a division of Alliance Data, whose stock has tumbled 2 percent since the news broke.
Information from 2 percent of its total clients was compromised, and these clients were limited to those that Epsilon provides email services. The company has over 2,500 clients worldwide, including banking giants Citigroup, JP Morgan Chase, U.S. Bancorp and KeyBank.
Experts are expecting a wave of phishing and virus attacks as a result. Even if they are not directly affected by the breach, credit unions will need to communication effectively with their members.
“Having a pre-defined plan for dealing with these types of breaches is important in the digital age”, says NWCUA Regulatory Analyst David Curtis, who also is the liaison to the Financial Institutions Security Task Force (FIST). “That includes whether your members information is compromised or whether data breaches are just in the news.”
He adds, “It is important to stress to members that they should never respond to an email soliciting personal information. If they suspect it might be legitimate, they should call the company directly. And they should never click on any embedded links in the phishing emails, since these usually contain viruses.”
This episode follows a hack at RSA, the security division of EMC. (Read more here.)
Questions or interested in talking points for member communications? Contact Regulatory Analyst David Curtis: 206.340.4785, [email protected].