Senators and House members are demanding Epsilon and Alliance Data disclose how many customers had been affected in the breach and how it happened.
Each day, a new company is added to the list of clients affected by the
massive data breach at email
marketing provider Epsilon
. Now, several U.S.
senators and House representatives are demanding more details about the
magnitude of the breach and how the email thefts are impacting consumers.
U.S. Sen. Richard Blumenthal of Connecticut
wrote an April 6 letter to United States Attorney General's Office noting there
may be some consumers still unaware their email addresses may have been stolen.
"While some of Epsilon's client companies have notified their customers
of the breach, other consumers may be unaware that their names, email addresses
and other potentially identifying information may be at risk," wrote
Epsilon Interactive, a large email marketing services company with
approximately 2,500 clients, disclosed April 1 that attackers had stolen
customer data belonging to several of its clients. While the extent of the
breach is still under investigation, the initial list of affected companies included
several financial organizations such as JPMorgan Chase, major hotel chains such
as Marriott Rewards, and big retailers such as Best Buy.
Since the data stolen did not contain any personal-identifying information,
such as Social Security numbers or credit card information, existing state laws
requiring breach notifications may not apply in this case. Even so, attackers
could use the email addresses to launch phishing
to steal more sensitive data such as financial information or login
credentials to other sites, industry experts have warned.
"I believe that immediate notification to all customers is vital to
protect them-and enable them to protect themselves-from identity theft,"
said Blumenthal. Bluementhal recommended Epsilon or its clients pay for
financial data security services and credit reports for affected consumers for
U.S. Reps. Mary Bono Mack of California
and G.K. Butterfield of North Carolina,
the leaders of the House Energy and Commerce panel, wrote their own letter to
the CEO of Alliance Data, Epsilon's parent company, asking for more details on
how many customers were affected and how the breach occurred.
While only about 2 percent of its clients have been affected by the breach,
Epsilon is refusing to say exactly how many customer emails were stolen.
Epsilon has said it is still investigating the breach and would apply
necessary remedies as they are identified. Alliance
said in a statement the company was cooperating with law enforcement .
Mack and Butterfield also asked for specific details on the timeline of
events as well as details as to what the firm has done since then to mitigate
the effects of the breach and prevent future incidents. They requested a
response no later than April 18.
A senior adviser to Bono Mack told Politico that a Congressional hearing may
possibly address the Epsilon incident.
Sen. Al Franken of Minnesota,
chairman of the subcommittee on Privacy, Technology and Law, was concerned that
Americans had no idea who owned their information and could not do more to
protect their data. Franken vowed on April 7 to "do more to protect Americans'