Epsilon Shouldn’t Skate, Lawmakers Say

Apologies aren’t enough for several lawmakers asking for accountability from Epsilon Data Management LLC following last weeks’ data breach at the company. 

Shortly after a statement was issued by Epsilon President Bryan Kennedy last Wednesday that apologized for the inconvenience and the "phishing" e-mails that victims may receive as a result, leaders of the House Committee on Energy and Commerce’s Subcommittee on Commerce, Manufacturing, and Trade formally asked for an April 18 response to 14 questions about the breach.

E-mail marketing services company Epsilon Interactive, which has approximately 2,500 clients, disclosed April 1 that attackers had stolen customer data belonging to several of its clients. While the extent of the breach is still unknown, the initial list of affected companies included JPMorgan Chase, Marriott Rewards and Best Buy.

Chairman of the subcommittee Mary Bono Mack, (R-Calif.) and its ranking member, G.K. Butterfield (D-N.C.) have asked to Ed Heffernan, president and CEO of Dallas-based Epsilon’s parent company, Alliance Data Systems Inc., to provide information on when Heffernan first become aware of the breach. The letter also inquires as to when authorities were first called, and asks for proof of mitigation efforts going forward.

Today, Sen. Richard Blumenthal (D-CT) voiced a vow to hold the e-mail marketing firm Epsilon accountable for the security breach. In calling for answers from Epsilon’s CEO Bryan Kennedy with regards to how the company plans to help consumers in the coming months, Blumenthal also demanded information on how they will prevent this type of data from being compromised in the future.

Today’s comments followed a letter that Blumenthal wrote to Kennedy last week noting his concern and asking for answers to questions regarding the breach. Blumenthal also wrote to U.S. Attorney General Eric Holder requesting an investigation into the breach.

“This data in the wrong hands can be extremely damaging to the financial well-being of a number of consumers across Connecticut, some of whom might not know their identifying information has been compromised,” said Blumenthal on ConnecticutPlus.com. “Epsilon owes it to these consumers to provide them with tools to ensure the safety of identification and financial information, and also to take serious steps towards preventing these types of breaches in the future.”

Epsilon has publicly reiterated that federal Social Security and credit card numbers weren't compromised, and says that only 2% of its client base was affected. Epsilon said the incident should have "minimal if any impact" on Alliance Data's financial performance.

But Blumenthal reportedly will introduce legislation in the coming weeks to address cyber-security issues in an effort to protect consumers from those who use phishing scams to acquire social security and credit card numbers from unsuspecting victims approached as a result of data breaches such as the one that occurred at Epsilon.