Arik Hesseldahl

Recent Posts by Arik Hesseldahl

Congress Is Officially Paying Attention to the Epsilon Breach

April 7, 2011 at 1:46 pm PT

Sen. Al Franken, the Minnesota Democrat who used to do comedy on ‘Saturday Night Live,” has his eye on the Epsilon data breach, according to a Politico report.

Franken chairs the subcommittee on privacy, and says he wants to explore the situation, which could be the first hint that he wants to hold hearings.

He’s not the only person in Congress making noise about it. Sen. Richard Blumenthal, a Democrat from Connecticut, has asked Attorney General Eric Holder to investigate Epsilon for “possible civil and criminal liability.” There’s also talk of hearings on the matter in the House. On top of that, state attorney generals in Rhode Island, Iowa, Nevada and Oregon have started warning consumers in their state about the dangers of clicking links in suspicious emails that may emerge in the coming days. I’ve pasted Blumenthal’s letter below.

Shares in Epsilon parent Alliance Data Systems rose more than one percent today as concern among investors around the business unit that was responsible for 22 percent of its revenue last year seems to have abated for the moment. The company will report quarterly earnings on April 21, and we’re hoping management takes the opportunity to be forthcoming with more details about how the breach happened.

April 6, 2011

The Honorable Eric H. Holder, Jr.
Attorney General of the United States
United States Department of Justice
950 Pennsylvania Avenue, NW
Washington, DC 20530-0001

Dear Mr. Attorney General:

I am writing to formally request an expedited investigation into possible civil and criminal liability, and to highlight key issues to consider in the course of that investigation, concerning recent reports of a major data security breach involving Epsilon, an internet email marketing firm.

On April 1, 2011, Epsilon reported that it had experienced a security breach of its database of customer names and email addresses which it collects from various companies, including many retail and financial firms. The company has not specified how many consumers have been affected by the security breach. Epsilon has not provided a list of companies affected. While some of Epsilon’s client companies have notified their customers of the breach, other consumers may be unaware that their names, email addresses and other potentially identifying information may be at risk.

I believe that immediate notification to all customers is vital to protect them – and enable them to protect themselves – from identity theft. Despite claims by Epsilon that only the names and email addresses of individuals may have been compromised by this security breach, I ask that your review of this incident determine whether individually identifiable financial information has been compromised. Names and email addresses would allow unscrupulous actors to send emails to consumers – ostensibly from the retailers which whom the consumer does business – seeking private financial information such as credit card numbers or checking or banking accounts.

I believe that affected individuals should be notified and provided with financial data security services, including free access to credit reporting services, for two years, the costs of which should be borne by Epsilon or its affected clients. I believe it is also necessary to provide every affected individual with sufficient insurance to protect them against possible financial consequences of identity theft.

Consumers deserve more complete information on the data breach, as well as the assurance that their personal financial information will be securely maintained. If personal financial information has been compromised as a result of this incident, Epsilon should be required to provide written notification of the breach, specific information about the data that may have been improperly accessed by third parties, and personal information security protection, including free access to credit reporting services, and insurance for two years.

Thank you for your attention to this important issue and for your continued work on behalf of the American public.

Sincerely,

Richard Blumenthal
United States Senate

Tagged with: Al Franken, Alliance Data Systems, Arik Hesseldahl, Attorney General Eric Holder, breach, data security, Epsilon, federal government, hackers, Iowa, Nevada, NewEnterprise, Oregon, Rhode Island, Richard Blumenthal, state attorney generals, United States House of Representatives, United States Senate, Washington D.C.

Apple Denies Working with NSA on iPhone Backdoor

December 31, 2013 at 8:49 am PT

You Won’t Believe All the Crazy Hardware the NSA Uses for Spying

December 30, 2013 at 12:15 pm PT

HP Is Negotiating to Settle Bribery Charges

December 30, 2013 at 8:45 am PT

CIOs Brand Enterprise Social Tools as Most Overhyped Technology of the Year

December 30, 2013 at 3:39 am PT

Malware Attacks by Syrian Pro-Government Hackers Are on the Rise

December 27, 2013 at 1:27 pm PT

Latest Video

View all videos »

Search »

You Say Goodbye and We Say Hello

Walt Mossberg and Kara Swisher in Media

The NSA and the Corrosion of Silicon Valley

Michael Dearing in Voices

You Won’t Believe All the Crazy Hardware the NSA Uses for Spying

Arik Hesseldahl in News

View all today’s news »

Uncovering a More Useful Android Lock Screen

Bonnie Cha in Product Reviews

Lenovo’s Bendy Yoga 2 Laptop Makes All the Right Moves

Lauren Goode in Product Reviews

Space Monkey Peer-to-Peer Digital Storage System Offers Better Backup

Katherine Boehret in The Digital Solution

Diabetes Data Beamed to Your Phone

Walt Mossberg in Personal Technology

Nokia Lumia 2520: A Solid Windows Tablet in Need of Apps

Bonnie Cha in Product Reviews

View all reviews »

I’m a giant vat of creative juices.

— David Pogue on why he’s joining Yahoo