Epsilon Breach: Small Businesses Who Get “Hacked” Must Act – Now (Bloomberg Law)

Epsilon Breach: Small Businesses Who Get “Hacked” Must Act – Now (Bloomberg Law)

If you have a credit card or bank account, then you may have received an ominous e‐mail alert discussing the data breach that recently occurred at Epsilon, a third‐party vendor which provides marketing services to many companies. Luckily, the stolen information appears to have been limited to the names and e‐mail addresses of only some customers. Apparently, no account numbers or other confidential information was compromised. Nevertheless, names and e‐mail addresses are powerful tools for certain types of cybercriminals known as “phishers” who use social engineering to target potential victims and lure them into exposing confidential financial information.

Users of the Sony Playstation Network may not be as lucky, as upwards of 10 million credit card accounts may have been accessed by hackers in the recent network attack. Sony has been criticized for its response to the incident, and recently put in place a $1 million identity theft insurance policy to cover affected gamers. The danger posed by such data breaches has resulted in the federal government and many states adopting data breach notification laws. If you operate a small business, you may not be aware of your responsibilities under these laws. Further, although many of the state laws are similar, small business owners must be aware that if they have customers in multiple states, they must comply with the data breach laws of each of those states. This begs the question: what are your responsibilities if cybercriminals hack into your company’s computer system and steal sensitive customer data?

Download the full article reprint here.

Leave a Reply

  • Find an eLesson

  • Register for Post Notifications

    Subscribe to receive updates whenever a new eLesson is published.

    Manage Subscriptions
  • Let Us Blog Your Event!

    eLessons Learned is fast becoming the site of choice for employers, employees, judges, lawyers, and journalists who are interested in learning more about these areas without being intimidated by the complexity of the topic. In fact, organizations and event coordinators often feature eLessons Learned as their official eDiscovery blog. Fill out our simple registration form to have eLessons Learned be the official blog of your organization or event.

    Register Now
  • Recent Praise

    The blog takes a clever approach to [e-discovery]. Each post discusses an e-discovery case that involves an e-discovery mishap, generally by a company employee. It discusses the conduct that constituted the mishap and then offers its ‘e-lesson’ — a suggestion on how to learn from the mistake and avoid it happening to you.

    Robert Ambrogi

    Legal Tech Blogger and creator of LawSites

    Although I may have missed some, yours is the first article that I have seen addressing Zubulake II. It is often the lost opinion amongst the others.

    Laura A. Zubulake

    Plaintiff, Zubulake v. UBS Warburg

    Click here to see more.