As the scope of the email data breach that affected customers of top companies like Target, Best Buy, J.P. Morgan Chase expands to a point where it could become the biggest of its kind in U.S. history, the company behind the breach, Epsilon, finds itself in hot, boiling hot, waters on Capitol Hill.
The Hill reports that Sen. Richard Blumenthal (D-Conn.) wrote a letter to Attorney General Eric Holder calling on the Department of Justice to open an investigation:
“While some of Epsilon’s client companies have notified their customers of the breach, other consumers may be unaware that their names, email addresses and other potentially identifying information may be at risk,” Blumenthal said. “I believe that immediate notification to all customers is vital to protect them — and enable them to protect themselves — from identity theft.”
Blumenthal also called on Epsilon or its clients to pay for financial data security services and credit reports for affected consumers for two years, arguing the released names and email addresses could be used by criminals to obtain financial information.
Epsilon, a leading online marketing company, told 17 of its largest clients, from Disney to credit card issuers and national retail chains like Walgreens, on March 31st that a data breach had occurred on March 30th, resulting in the release of the personal data, including names and email addresses, of millions of consumers.
It was left to the affected companies to tell their customers, which they did throughout the weekend and into the next week through mass emails and social media networks like Twitter.
The chairman of the Subcommittee on Privacy, Technology and the Law, Sen. Al Franken (D-Minn.), told Politico that Americans should know more about who owns their information.
“Most of the people affected by the Epsilon breach had never heard of that company before this week,” Franken told Politico in a statement. “We need to give Americans more awareness about who has their information and greater ability to protect it.”
Franken also told the paper he wants “to explore these issues more as chairman of the new Subcommittee on Privacy, Technology and the Law.”
Politico’s Morning Tech also reports there is bipartisan movement in the House, where Epsilon and others involved in the breach could be called to a hearing. Rep. Mary Bono Mack (R-Calif.) and G.K. Butterfield (D-N.C.), the leaders of the commerce subcommittee with chief jurisdiction on privacy issues, Politico reports, pressed Epsilon’s president and CEO for answers on why the breach happened and how many consumers were affected.
“Despite Epsilon’s attempts to downplay the extent of the data breach, we take this incident very seriously and will investigate it thoroughly,” a top aide to Rep. Bono Mack told the paper.
The increased focus by lawmakers comes as the news keeps getting worse for Epsilon.
Alliance Data Systems Corp., Epsilon’s parent company, released a statement emphasizing the data breach only revealed the e-mail and names of its customers, not “personal identifiable information.”
But the company also issued a mea culpa to consumers and its clients, vowing it had reviewed and tightened its own security protocols while continuing to work with federal authorities and outside experts on the investigation into how the breach occurred.
“We are extremely regretful that this incident has impacted a portion of Epsilon’s clients and their customers,” said Bryan J. Kennedy, president of Epsilon. “We take consumer privacy very seriously and work diligently to protect customer information.”