My wife and I started getting the emails April 4. Best Buy. Our bank. Other e-commerce sites we had shopped. The impact of the Epsilon security breach was far and wide.
My first thought was that at least companies are getting less squeamish about putting out breach notifications. By now, businesses understand that a security breach doesn’t necessarily mean that they will be put out of business, which we learned with the TJX data breach.
But what is different in the wake of the Epsilon attack is that cybercriminals don’t necessarily have to get all of your personally identifiable information anymore to be able to get an edge on the consumer. Here, they just got names and email addresses. But that may be enough: A mere notification may be enough to spur someone to reply to a phishing email and inadvertently give away much more information than the original breach garnered.
Just as companies all have to have security and privacy policies, so do individual consumers when dealing with cybercrime. The same rules apply, however — awareness, diligence and taking the responsibility to know with whom you are doing business.