I hate to minimize the data breach at Epsilon, a service company that sends out 40 billion emails a year for its corporate customers and got cracked by a group that stole data that could equal millions of consumer email addresses.
The records, from two Texas-state employee retirement systems and the Texas Workforce Commission, included not only email addresses, but also snail-mail addresses, Social Security numbers and possibly dates of birth and driver’s license numbers.
Security analyst Larry Ponemon estimates every lost customer record costs a company $214. Most of the data breaches in Corporate America are the result of phishing or cracks that are very short term. Breaches are usually discovered relatively quickly and the particular security hole is closed.
Lost data is often, as with Epsilon, only partial – emails, street addresses or whatever.
Putting full employment and retirement records on a public server, with all the relevant data an identity thief would need to clone and reuse you, and leaving them there for a year?
Texas wins this one hands down over Epsilon. (Although, serendipitously, Epsilon is based in Irving, Texas,
There’s no evidence, according to Combs’ office, that the data have yet been misused by identity thieves.
Which leaves me wondering whether it’s worse that Texas left all that data out in the open for so long, or that, apparently, no one in a position to steal it either knew or cared.