As part of his role as chairman of the Privacy, Technology and the Law subcommittee, Sen. Al Franken, D-Minn., is investigating the security breach at marketing and management firm Epsilon that occurred earlier this month.
University of Minnesota students were bombarded with emails last week from Epsilon clients, including Target, Citigroup and Verizon. The messages notified them of the breach that unveiled the records of approximately 2 percent of the marketing database companyâÄôs 2,500 corporate clients.
Now Congress is demanding the company release more information about the breach.
On Monday subcommittee member Sen. Richard Blumenthal, D-Conn., requested Epsilon CEO Bryan Kennedy come up with a plan to prevent data hackings in the future. Franken said a major problem is that many Americans donâÄôt know where their information is stored or whoâÄôs in charge of it.
âÄúThis is one of the largest data breaches in history,âÄù Franken said in a written statement. âÄúYet most of the people affected by the Epsilon breach had never heard of that company before.âÄù
While the Epsilon breach is a national concern, Franken said itâÄôs also a particular problem for Minnesota, as many state employers do business with the email marketing firm, including Best Buy and U.S. Bank. Franken vowed to do more to protect usersâÄô information online.
The U.S. SenateâÄôs Privacy, Technology and the Law subcommittee is part of the Judiciary Committee and was formed in February. It came in response to the explosion of social media and online activity in general, Judiciary Committee Chairman Sen. Patrick Leahy, D-Vt., said in a statement.
âÄúWe need to give Americans more awareness about who has their information and [give them] greater ability to protect it,âÄù he said in the statement.
As Congress is looking for a more detailed report on the magnitude of the breach, students are on the lookout for the phishing scams expected in the wake of the breach.
Marketing senior Gina Clementi got an email about the breach from Express and heard about it in her business class at the University.
âÄúThey called [phishing] the next wave of crime, and it definitely scared me,âÄù Clementi said. âÄúThe email says âÄòHey, weâÄôve got it all under control,âÄô and it could be a cover-up, we donâÄôt really know.âÄù
Since the cyber thieves obtained names and email addresses, consumers are at risk for âÄúspear phishingâÄù âÄî phishing scams targeted to specific individuals via email or phone.
âÄúI feel like IâÄôm smart enough to know whatâÄôs legit and whatâÄôs not,âÄù mechanical engineering senior Jim Dawson said. âÄúI always follow the general rule that you donâÄôt give out info unless you initiated some contact first.âÄù
The Epsilon incident is the second major email marketing company breach within six months since Silverpop âÄìâÄì a provider with more than 100 clients, including McDonaldâÄôs âÄìâÄì was hacked in December.
Alliance Data, EpsilonâÄôs parent company, confirmed that Social Security and credit card numbers were safe.
Epsilon currently makes up 22 percent of Alliance DataâÄôs total profit, taking in $65 million last year.