April 5, 2011 – Maybe I’m just becoming jaded about the fact that we are losing the security battle to the criminal element, but I have to admit that the recently reported data breach at third-party marketer Epsilon did not at all come as a surprise.

As reported online in PC Magazine, the breach has exposed the email addresses and names of customers at major credit-card issuers, Best Buy, TiVo, and more — “potentially leaving users open to phishing attacks.” An unauthorized entry into Epsilon's email system occurred on March 30, the company said in a statement.

The good news for our industry is that no insurers were named on the list of compromised parties. (Editor’s note: Epsilon would not confirm this when contacted by INN — click here for more coverage.) The bad news is that a slew of banks and financial services firms are involved, and it would be foolish to believe that some of those problems won’t affect the insurance environment. Among such firms named were JPMorgan Chase, Citi and Capital One.

According to Epsilon, the exposed information was “limited” to email addresses and/or customer names. That sounds pretty tame. Then again, Bankinfosecurity.com wonders whether or not this might be “the biggest breach ever.” In fact, the piracy of names and e-mail addresses is quite a serious matter because while that information by itself may be of limited use, it can be of tremendous help to criminals who can already mine lots of personal data on individuals from their social networking site profiles and postings — data that is disturbingly easy to find online.

Of course, phishing attacks are one danger, but this unintended loss of personal data also makes it more likely that identities will be stolen, bank accounts will be pilfered and credit fraud will see an increase. If yours is a firm involved with insurance against such events, you can also expect to see an uptick in claims.

To be sure, using the pilfered information to commit crimes will require some work on the part of criminals, but it seems to me that the huge profits to be generated for such individuals/syndicates, as well as the extremely low probability of being caught, would be more than enough incentive. The question is: Are we willing to work as hard on protecting customer information and/or the systems that hold such data? Regrettably, as I mentioned in my last posting about insurer reluctance to spend on anti-fraud technology, I fear we will see even such a major event as Epsilon as a routine cost of doing business.

So we will yawn and write off the losses. Yet for our customers, and indeed for ourselves as private citizens, such losses may not be so easily written off. And don’t we have a duty to protect our valued customers from the inevitable premium increases that will occur as this kind of crime continues to spread like a deadly disease?

I have to commend Epsilon and many of the affected firms for quickly notifying authorities and their own customers about the danger of this security breach. In the past, others have not been nearly as willing to inform those who would be affected.

The blast from this event may not be so damaging at first, but the fallout has the potential to make that “biggest ever” characterization a reality. I have no doubt that this kind of breach will become increasingly common. It is my fervent hope, however, that we do not become increasingly unaffected by these criminal acts to the point where we plant our heads firmly in the ground and await the inevitable blow to our hindquarters.

This article originally appeared on Insurance Networking News.
