Epsilon breach reignites cloud security fears


The March 30 data breach at the email marketing company Epsilon left millions of customers of such notable companies as Best Buy, Ethan Allen, Walgreens, Target and a host of banks vulnerable to a potential onslaught of spam and phishing attacks. The breach of Epsilon's servers has left some important questions unanswered, and it spotlights some common concerns about the security of cloud-based services.

While some of the affected companies were attempting to warn customers via email to avoid phishing scams, customers were already receiving phishing emails masquerading as the companies, reports Lisa Greim at PCWorld. One email disguised as a message from Chase warned the recipient: "Don't click links in email! For more info, click here!"

Epsilon isn't the only marketing firm that has left its clients' customers in a vulnerable position this year, reports Robert Lemos at CSO. Unanimis, an advertising company, was hacked in February, and malicious ads ended up on prominent websites as a result.

The recent breaches have spurred calls for better security standards for non-financial data like email addresses. "We need a PCI equivalent outside the card space," said Avivah Litan, vice president of security research at Gartner. "Until we have that, you really should think twice about it. More and more businesses are moving to the cloud now. The main concerns have been security and risk, and we now see these are valid concerns."

While email addresses are considered much less sensitive than financial information, for some organizations they may become too sensitive to outsource to a third party if it means risking the customer relationship, reports Fahmida Y. Rashid at eWeek. The multi-tenant environment of cloud services means that a breach of one system can give hackers access to a multitude of data. The Epsilon breach reignites concerns about the security of this environment.

"Customers will surely start to wonder if they can't trust these firms with their email addresses. [They ask themselves if it's] really that smart to trust them with their credit card data, or with their mortgage," said Dave Frankland, principal analyst at Forrester Research.

For more:
- see Lisa Greim's post at PCWorld
- see Robert Lemos' post at CSO
- see Fahmida Y. Rashid's post at eWeek
