Business

Published: 2015-04-21 10:24:36

E-commerce and data security

The phishers' big catch

A large theft of company e-mail lists causes controversy

AN OUTRAGED consumer-advocacy group is calling it "the Fukushima of the e-mail industry".

Comparing mere data theft to Japan's nuclear nightmare is perhaps a bit over the top.

But the theft of data from Epsilon, a marketing-services company, has nonetheless caused widespread concern.

On April 1st Epsilon revealed that an outsider had managed to get hold of the e-mail addresses and names of some individuals that it held on its system.

Many millions of records are reportedly involved, although Epsilon, which is still investigating the cause of the leak, refuses to confirm the exact number.

This is hardly the first time that a big security breach has led to the mass theft of digital data.

But the fallout from the Epsilon debacle will spread far and wide.

The company sends out more than 40 billion e-mails a year on behalf of many of America's biggest companies, including Target, one of the country's largest retailers, JPMorgan Chase, a bank, and the McKinsey Quarterly, a management journal.

Marks & Spencer, a big British retailer, was also among those whose e-mail list was stolen.

Epsilon says that only 2% of its 2,500 clients have been affected by the leak, but given the size of some of those outfits, this is not much consolation.

Many of the firms involved have been scrambling this week to let their customers know—by e-mail, inevitably—that their personal data may have been compromised.

Some security experts argue that the fuss over the leak is overblown.

They say that e-mail addresses are far less sensitive pieces of information than, say, medical or financial records.

People often post their addresses on their Facebook pages, or print them on their business cards.

Bruce Schneier, an internet-security expert, thinks it is a bit like worrying about spammers stealing a copy of the telephone directory.

All it would do is make their task a bit easier.

Other observers are taking the leak more seriously because the thief stole, in effect, companies' customer lists. This would allow anyone who buys the lists to aim carefully crafted e-mails at those customers that appear to come from trusted businesses, asking them to update their account details or otherwise reveal further sensitive information, a scam known as spear-phishing.

Condé Nast, publisher of Vogue, recently lost almost $8m after falling for a fake e-mail purportedly from one of its printers, asking it to divert payments to a different bank account.

If a flood of dodgy e-mails does now appear, it will certainly damage the reputations of the firms that gave Epsilon their customers' data.

Many of them, including Marriott International, a hotel chain, have been quick to blame the marketing firm for the leak and to alert their customers to the risks.

But this may not be enough to spare them from criticism.

"Given the size of Marriott, why would you trust a third party to have this information in the first place?" wrote a disgruntled commenter on the hotelier's website.

Customers may ask themselves whether companies that cannot keep a simple e-mail list safe can be trusted with more sensitive things, like their credit-card details.

They also have reason to worry that other, more serious, leaks are being hushed up.

"The Epsilon case is just the public tip of an iceberg," says Jeff Hudson of Venafi, a data-security firm.

Many instances of data loss, he says, are simply not reported.

Epsilon's leak comes at a time when the authorities in America are taking a hard look at the way people's electronic data are dealt with.

On April 4th it emerged that federal prosecutors in New Jersey are examining how software applications for smartphones collect and share data, amid suspicions that privacy laws have been broken in some cases.

Government officials are also formulating new online-privacy rules that will give people greater control over the way information is collected about them on the web.

The Epsilon episode will surely encourage them to take a strict line on all sorts of data-handling.

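Business report

E-commerce and data security

The great data theft

A serious theft of companies' e-mail lists sparks debate

An outraged consumer-protection group has likened the theft to the Fukushima nuclear leak of the e-mail industry.

Comparing a mere data theft to the nuclear radiation that became Japan's nightmare may be making too much of it;

but for Epsilon, a permission-based e-mail marketer, the leak of its data has already attracted widespread attention.

On April 1st Epsilon revealed that an intruder had succeeded in stealing e-mail addresses and some individuals' names stored on its system.

Reportedly, millions of records were stolen; Epsilon is still investigating the cause of the leak and declines to give a specific number.

This is not the first time that a breach of security systems has led to the large-scale theft of user data,

but the impact of the Epsilon theft will be far-reaching.

The company sends more than 40 billion e-mails a year on behalf of many well-known American companies;

those affected include Target, the largest retailer in America, the bank JPMorgan Chase,

and the management journal McKinsey Quarterly; even Marks & Spencer, a giant of British retailing, was not spared.

Epsilon says that only 2% of its 2,500 clients were affected by the leak.

But given how large the client companies are, this is not very comforting news.

The affected companies scrambled this week to tell their customers, by e-mail as they had to, that their personal data may have been leaked.

Some security experts think the fuss over the leak has gone a little too far.

They argue that e-mail addresses are far less sensitive than some other information, such as medical or financial records.

People often make their e-mail addresses public on their Facebook pages or business cards.

Bruce Schneier, an internet-security expert, thinks it is a bit like worrying that spammers have got hold of their telephone directory.

All it does is make sending spam a little easier.

But other observers take the leak far more seriously,

mainly because what was stolen was the e-mail addresses of companies' customers, which lets anyone who illegally buys the lists carefully choose the targets of their e-mails, such as customers who deal with trusted businesses,

and simply asking them to update their account details, or using some other means, can expose more of their sensitive personal information. This kind of fraud is known as spear-phishing.

Condé Nast, publisher of the fashion magazine Vogue, reportedly fell recently for a fake e-mail from a printer asking it to divert payments to a different account, and went on to lose almost $8m.

If such phishing e-mails now start to appear in large numbers, they will certainly do great damage to the reputations of the companies that entrusted their customers' information to Epsilon.

Many companies, including the hotel-chain giant Marriott International, were quick to point the finger at Epsilon, the marketer from which the information was stolen, and promptly notified their customers of the possible risks.

But this may not be enough to quell customers' criticism of them.

One commenter wrote on the hotel's official website in a very dissatisfied tone: considering the size of Marriott, how could you trust a third party and simply hand customers' information over to them?

Many customers even question how a company that cannot look after something as simple as e-mail can be trusted to look after more sensitive information, such as their credit-card details.

They also have reason to worry that other, more serious leaks have been covered up.

Jeff Hudson, of a data-security company, says the Epsilon affair is only the tip of the iceberg.

Many data thefts, he says, are simply never publicly reported.

The Epsilon leak happens to come at a time when America's authorities are scrutinising the handling of personal electronic information.

On April 4th federal prosecutors in New Jersey questioned applications on smartphones that collect and share data, suspecting them of violating privacy laws.

The government is also drawing up new internet-privacy rules that give people more control over how personal information about them is collected online.

The Epsilon episode is bound to push them to take tougher measures on all kinds of online information-handling.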

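Vocabulary notes

1. controversy n. dispute

The mayor will try to settle the controversy over the housing scheme.
The mayor tried to mediate the dispute over the housing plan.

2. advocacy n. championing; support

The police have already rejected applications by different pet advocacy groups to stage demonstrations.
The police have refused applications by various pet-advocacy groups to hold marches.

3. nightmare n. bad dream

The nightmare gave her the creeps.
That nightmare made her shudder.

4. reveal v. show; disclose; uncover

Several withered trees on the sides of the road reveal the desolation here.
A few withered trees on either side of the road show how desolate this place is.

5. security n. safety; guarantee

I'll undertake for your security.
I will guarantee your safety.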
