It’s been a few days since ‘Email Gate 2011′ and the dust has yet to settle. At least 50 companies’ user email address lists appear to have been compromised by the data breach at email service provider Epsilon thus far, with consequences unknown. One thing is certain- this data breach in particular is grabbing national headlines, consumer attention, and even the scrutiny of the Secret Service.

Epsilon took the lead and reported to their advertiser customers on the data breach almost immediately.  It is estimated that about 2% of their 2200 clients were affected. The advertisers followed by openly notifying individuals of the data breach via email. Many of the  notification emails sent by affected companies warn consumers of the potential risk associated with phishing emails and remind them that the respective companies will never ask for login info or account information in an email.

The Consumer Point of View

The real concern for consumers is potential phishing emails disguised as legitimate offers meant to trick them into forking over personal information.  An increase in the amount of spam they receive seemed to be a lesser concern, but an overall fear surrounding personal privacy and identity theft persists.

One ‘industry outsider’ friend, Kyle Jones commented, “I got an email from Best Buy about it. My initial thought was, ‘That sucks…I mean, if the only private information they leaked was my email address then oh well…there is nothing I can do about that.’ We are constantly bombarded with spam daily as it is, so I am almost completely immune to all of it anyway.” Whether we will see a discernible jump in the volume of spam is questionable, but it may be more targeted and effective.

The Advertiser Perspective

It can be argued that both Epsilon and the advertisers who sent proactive notifications to customers did the right thing explaining potential risks, given the circumstances. However, a light has been shone onto how consumer data is shared between email service providers and advertisers. The relationship between branded advertisers and ESPs, often perceived as one and the same by an average customer, still relies on a great deal of trust.  Password protected data is only as safe as the people who have access to the login information.

Companies spend millions of dollars building a brand and the trust of their customers.  It’s up to these companies to regulate and monitor internally how their customer data is stored, accessed and used by their marketing partners and third parties. Phishing attacks are nothing new, but they continue to grow more targeted and sophisticated .  No longer can these large companies sit idly by while they occur, especially as a result of a data breach. They must go the extra mile to gain visibility in how their brand is being used in email.   While you can’t un-ring a bell that’s been rung, you can employ every method possible to protect and educate your customers and protect the integrity of your brand.

Here is a short list of notable companies allegedly affected by the data breach:

AbeBooks
Ameriprise Financial
Barclays Bank
Best Buy
Brookstone
Citibank
Disney Destinations
Hilton Worldwide
JP Morgan Chase
Kroger
Lacoste
Marriott International
McKinsey Quarterly
New York & Company
Robert Half
Target
Tivo
US Bank
Walgreens