Epsilon is one of the leading providers of e-marketing services in the USA. An Irving, Texas-based marketing firm, Epsilon provides strategic consulting, marketing analytics, database, email and loyalty marketing technology, proprietary data, digital marketing services, creative and interactive media services, web design and development, and direct mailing services. However, its email marketing service, the permission-based email marketer to be exact, is the best in the business and the country. Deploying more than 40 billion emails annually on behalf of its global clients, the permission-based email marketer is practically the best asset of the company. Unfortunately, it is also the most vulnerable (, 2012).

The Largest Internet Breach in America

On April 1st, 2012, Epsilon faced a critical system breach in which thousands of email addresses, customer IDs, names and addresses were stolen. These names, addresses and email addresses belonged to the customers of over 55 high-profile companies, namely Citibank, US Bank, Visa, Walgreens, Best Buy, Disney Destinations, Marriott, Ritz-Carlton, Ameriprise Financial, Capital One, JP Morgan, and New York & Company, just to name a few. The Guardian has called this “one of the largest internet security breaches in U.S. history.” The profile of the customers and of the companies they belong to is what makes this system breach a very serious issue. What usually happens in cases like these is that the perpetrators steal email addresses from the database of a particular company, and then design an email that looks exactly as if it had been sent by that company to its customer. The customer may then be tricked into giving out sensitive and personal details such as account numbers and passwords. In technical jargon, this is called “phishing”. In the Epsilon case, however, things were far more serious. This time, the perpetrators did not just have the email addresses; they had also acquired the names and addresses of the individuals that go along with those email addresses. This is termed “spear-phishing”. As the name suggests, this form of internet fraud is more effective. The customers are addressed by their own names and addresses, so they are much more prone to respond to the phishing email. Thus, in the Epsilon breach, thousands of customers were sent spear-phishing emails from “their service providing” companies, mostly asking them to disclose private information such as account numbers (Wells, 2010).

However, Epsilon and its clients were quick to respond. They sent out warning emails to the customer database, advising customers not to respond to any suspicious email asking for their details. They also pointed out that no confidential information was leaked apart from the email addresses. This, however, is still open to question.

How the Customers Can Protect Themselves

The best protection against spam, phishing or spear-phishing emails lies in the hands of the customers themselves. No amount of internet security software, database protection mechanisms, or firewalls can provide the protection that human intuition does. Since the dawn of the internet, millions of anti-spam tools, anti-virus programs, and internet security packages have been developed. However, hackers still find a way around the best security. Keeping just a few tips in mind while online can save customers from devastating financial and personal loss.

  • Email attachments from unknown senders/companies should never be opened. Sometimes, even an unexpected attachment from a friend can turn out to be a worm or a virus.
  • One should never provide confidential information such as passwords or account numbers in response to an email request.
  • Embedded links in suspicious emails should be avoided at all costs, even if the email says that your account will be suspended otherwise.

Lastly, though anti-virus/anti-malware software is not foolproof, it is still a line of defense. One must make sure that it is running and up to date.

What Does the Breach Mean for Epsilon

For one of the biggest e-marketing firms in the country, holding one of the largest customer databases, the security breach is nothing less than devastating. On the other hand, Epsilon holds a very niche market, so it is not easy for Epsilon’s clients to simply switch their e-marketing company. However, a breach of this magnitude did not go unnoticed. First and foremost, investors were jolted to find that the stock of Alliance Data (the parent company of Epsilon) dropped to an all-time low of $80.31 on the New York Stock Exchange. Investors speculated that the company would have to face lawsuits next.

Though Epsilon survived the onslaught of stock drops, customers’ anger, investors’ raised eyebrows, and lost clients, the company has lost its former reputation. The clients still doing business with Epsilon are always on edge, as trust in Epsilon’s data security has worn away.

What Could Epsilon Have Done to Protect Itself from the Breach?

Maintaining a database of thousands of customers’ information and IDs requires an exceptional security system. A security system can guard against both insider and network-based threats. It can also be questioned whether it is feasible to keep this database on a wider internet-facing network, as it was kept, rather than on a closed, exceptionally guarded internal network. Keeping it on such a closed network is one of the safest and simplest things that Epsilon could have done to keep its confidential data out of the hands of cyber criminals.

Secondly, and most obviously, Epsilon needs to revisit its system security, stripping it down to the bones and rebuilding it from the ground up. By hiring the best in the business and implementing state-of-the-art security systems, Epsilon can avoid future breaches, for the time being. This is an inherent problem with most IT service providers, e-marketers and almost all companies that provide their services over the internet. These companies are always a step behind in upgrading their system security, obviously because a complete system upgrade costs a pretty penny. Unfortunately, these companies fail to realize that the damage they can incur from a security breach is much greater than the cost of an update.


The Epsilon breach was no doubt one of the biggest ever to happen. All stakeholders, be they customers, clients, investors, or the company’s employees and management, were affected in one way or another. However, it could easily have been avoided, both from the customers’ end and from the company’s. Customers need to be more aware of suspicious emails and more responsible in handling them. On the other hand, e-marketing giants like Epsilon should revisit their security policy and employ state-of-the-art security measures to safeguard the confidential information of their clients and customers.

