“Unfortunately, what that does outsource control of the customer information but doesn’t abdicate responsibility for the protection of their customer information.”
Hardy says that credit card companies and health care providers are taking the lead in demanding stricter data protection.
“They don’t wait for a breach. You actually have to pass these accreditations on an annual basis, or you lose certain rights to use those credit cards or to participate in health care information networks, etc.”
The cyber attack on Epsilon may be the largest in U.S. history in terms of sheer volume of data stolen. But will probably prove less costly than the 2008 assault on credit- and debit-card processor Heartland Payment Systems. That case saw the theft of more than 40 million payment card numbers. The hackers that broke into Epsilon’s systems stole only names and e-mail addresses.