mickeysshoes
Well-Known Member
I was thinking the same thing...seems like everyone uses this firm....but not for long
-
Welcome to the WDWMAGIC.COM Forums!
Please take a look around, and feel free to sign up and join the community.
Email addresses compromised through Disney Destinations!
- Thread starter NewfieFan
- Start date
I was thinking the same thing...seems like everyone uses this firm....but not for long
juniorthomas
Well-Known Member
Seriously. I must have received four separate messages saying my e-mail address was given out. Everyone must have used them.
I can put it a bit nicer. The two incidents are more than likely unrelated. Always remember that correlation does not always equal causation. What happens in a breach like this is a spammer will get hold of a list of valid email addresses. Nothing more. The only way it can harm your computer is if you open up a spam email containing a virus or malware. This would be no different that someone getting your mailing address and sending you a jar of bees. As long as you do not open it you will be fine.
mickeysshoes
Well-Known Member
I am up to 7 or 8......
juniorthomas
Well-Known Member
I really cant wait for all the new spam.
fyn
Member
Email From Disney said:
You can choose not to believe that, but it doesn't make much sense. If you assume Disney is lying to you about compromising your personal information beyond an email address, why trust them with anything? You could just as ridiculously assume they share your credit card information with anyone that asks for it.
Also, I'm fairly certain they're legally obligated to inform you of exactly what information was compromised, which they have.
Pumbas Nakasak
Heading for the great escape.
While Disney will be telling the truth it is naive to think that such information isnt passed if it is needed.
fyn
Member
I don't really buy that. Then again, with my personal information compromised, I might not have a choice!
:lol:
AEfx
Well-Known Member
Yeah, but this company had nothing to do with credit cards.
They are really just a bulk emailer for large companies. You can visit their website here.
They are not a payment processor, nor do they actually do any referals. Basically, Disney, TiVo, whomever sends them a list of customers to spam...er, send promotional materials to, and they send it out.
You never do any business with them, they basically just design and forward emails. My understanding is that they wouldn't even have access to the systems where financial information is kept by any company - they likely just get sent a batch file with the names and email addresses they are to spam...er, market to.
I know you hail from the other side of the pond, and I'm not sure about the laws there, but here we have very strict rules about customer notifications about something like this. I have gotten 4 of them so far, and they *must* accurately disclose what information was taken, or face legal penalties. It's taken very seriously (and sometime too seriously, as this has created quite a panic in people that would have never noticed if they hadn't gotten the notification).
The information breech was on Epsilon's end - and they simply have the data file the companies sent them with names/emails. There is really no way they would have access to any financial data, and if they did - by law, they have to disclose it. It's really one of the only areas of the law that have truly kept up with the Internet.
unkadug
Follower of "Saget"The Cult
You have been around here long enough to know the nature of SAK. He speaks his mind and there is generally a bit of thruth of what he speaks.
While I understand your reluctance to admit that there may be more to this than they admit to, it's still a major breech of security. There have been documented cases of financial data being leaked before and it's not beyond the stretch of imagination that there may be more to this than is publicly being admitted to.
Depending upon where EPSILON is located (which I admit, I have not researched) they don't have to admit the severity of their breech...laws vary. There is no international judge and jury of what must be admitted as far as these types of indiscretions are concerned.
Loss of business will be there number one punishment.
My computer crashed due to a faulty Microsoft update, I jokingly blamed Epsilon on this thread, but still...you never know...there may be some weird connection. :shrug: Just food for thought...I will now remove the tinfoil hat. :lol:
AEfx
Well-Known Member
Oh, I know Pumbas Nakasak.
Been here awhile. They are located in Dallas, and like I said, the one area of Internet law that the US has been pretty pro-active in is privacy and notifications. It's also an area that MANY watchdog groups are so on top of it isn't even funny. Epsilon is being pretty transparent about the whole thing.
What I was explaining is that Epsilon did *not have* your credit card data, so it couldn't be stolen if they do not have it. As Pumbas said, it's passed when they need it and Epsilon never needed it because they have nothing to do with payments, they are just paid to forward emails.
Epsilon is a marketing company (it was the highest rated one last year, in fact, in what is becoming a pretty crowded marketplace). They do not process sales. They do not have access to Disney's computers.
Disney, TiVo, etc. - all these companies do is send a batch file (a big computer file meant to be processed automatically by another entities computer) that contained email addresses and names (and they only have the names so they can say, "Dear AEfx - Here is your Disney Hello!"). The only data that existed on their servers was this batch file. It's likely this is sent down-link to them (which means it's sent to them, but they can't communicate back). So it's not like they have to login to Disney's servers, go into their files, and extract your info - it's sent to them in a little package that only contains the data they need.
So, Epsilon has this big file of names and email addresses, and they basically forward emails to those email addresses. They do not process payments, they do not have anything at all to do with anything but sending you your, "Disney Hello!"
I'm all for being suspicious, but I also believe in being practical which is why I've posted this stuff. Epsilon is the #1 company for this type of work (and no, I don't work for them nor did I know their name before this, LOL, so I have no interest in "protecting" them or any such thing), and this affected HUGE clients (look how many notices some of us have gotten).
This is all over CNN Money, and every other news site out there. There are federal laws that apply to financial transactions, and the sharing of financial data. This is so public if there was any question we'd have heard it by now. Epsilon did not have any financial data for anyone as they just forward emails (or at least the department that was breached did - but even so, they still do not process payments of any type - that is a credit card processor, which would be a MUCH bigger deal privacy wise.)
The worst thing that is going to happen is an increase of Spam, and possibly some phishing. Both should be completely avoidable. The only way they will get your financial info is if you get an email saying, "This is Disney, we need to verify your credit card, please email it to us/click this link to give it to us" you DO NOT go, like you wouldn't for any email that asks that. Just like PayPal tells you to never click a link in your email to "PayPal", you go to the address bar and type paypal.com so you know you are going to the right place.
If Disney's payment processor (which would be another company who's name none of us would know) had been breached, it would have been a MUCH bigger deal. People don't realize it, but when you use your Chase Credit card at Target, it doesn't just go from Target to Chase. It goes through at least one company in between, a processor, whom none of us would recognize, and if THEY had been breached, it would have been a much bigger deal.
I'm totally one for being aware of issues like this, but there is no need for anyone to worry about financial information as Epsilon simply did not have it on their computers to begin with. They just don't do that kind of work.
ArielLover
Active Member
Oh, I know Pumbas Nakasak.
They are located in Dallas, and like I said, the one area of Internet law that the US has been pretty pro-active in is privacy and notifications. It's also an area that MANY watchdog groups are so on top of it isn't even funny. Epsilon is being pretty transparent about the whole thing.
What I was explaining is that Epsilon did *not have* your credit card data, so it couldn't be stolen if they do not have it. As Pumbas said, it's passed when they need it and Epsilon never needed it because they have nothing to do with payments, they are just paid to forward emails.
Epsilon is a marketing company (it was the highest rated one last year, in fact, in what is becoming a pretty crowded marketplace). They do not process sales. They do not have access to Disney's computers.
Disney, TiVo, etc. - all these companies do is send a batch file (a big computer file meant to be processed automatically by another entities computer) that contained email addresses and names (and they only have the names so they can say, "Dear AEfx - Here is your Disney Hello!"). The only data that existed on their servers was this batch file. It's likely this is sent down-link to them (which means it's sent to them, but they can't communicate back). So it's not like they have to login to Disney's servers, go into their files, and extract your info - it's sent to them in a little package that only contains the data they need.
So, Epsilon has this big file of names and email addresses, and they basically forward emails to those email addresses. They do not process payments, they do not have anything at all to do with anything but sending you your, "Disney Hello!"
I'm all for being suspicious, but I also believe in being practical which is why I've posted this stuff. Epsilon is the #1 company for this type of work (and no, I don't work for them nor did I know their name before this, LOL, so I have no interest in "protecting" them or any such thing), and this affected HUGE clients (look how many notices some of us have gotten).
This is all over CNN Money, and every other news site out there. There are federal laws that apply to financial transactions, and the sharing of financial data. This is so public if there was any question we'd have heard it by now. Epsilon did not have any financial data for anyone as they just forward emails (or at least the department that was breached did - but even so, they still do not process payments of any type - that is a credit card processor, which would be a MUCH bigger deal privacy wise.)
The worst thing that is going to happen is an increase of Spam, and possibly some phishing. Both should be completely avoidable. The only way they will get your financial info is if you get an email saying, "This is Disney, we need to verify your credit card, please email it to us/click this link to give it to us" you DO NOT go, like you wouldn't for any email that asks that. Just like PayPal tells you to never click a link in your email to "PayPal", you go to the address bar and type paypal.com so you know you are going to the right place.
If Disney's payment processor (which would be another company who's name none of us would know) had been breached, it would have been a MUCH bigger deal. People don't realize it, but when you use your Chase Credit card at Target, it doesn't just go from Target to Chase. It goes through at least one company in between, a processor, whom none of us would recognize, and if THEY had been breached, it would have been a much bigger deal.
I'm totally one for being aware of issues like this, but there is no need for anyone to worry about financial information as Epsilon simply did not have it on their computers to begin with. They just don't do that kind of work.
Agreed:sohappy::sohappy:
unkadug
Follower of "Saget"The Cult
Oh, I know Pumbas Nakasak.
They are located in Dallas, and like I said, the one area of Internet law that the US has been pretty pro-active in is privacy and notifications. It's also an area that MANY watchdog groups are so on top of it isn't even funny. Epsilon is being pretty transparent about the whole thing.
What I was explaining is that Epsilon did *not have* your credit card data, so it couldn't be stolen if they do not have it. As Pumbas said, it's passed when they need it and Epsilon never needed it because they have nothing to do with payments, they are just paid to forward emails.
Epsilon is a marketing company (it was the highest rated one last year, in fact, in what is becoming a pretty crowded marketplace). They do not process sales. They do not have access to Disney's computers.
Disney, TiVo, etc. - all these companies do is send a batch file (a big computer file meant to be processed automatically by another entities computer) that contained email addresses and names (and they only have the names so they can say, "Dear AEfx - Here is your Disney Hello!"). The only data that existed on their servers was this batch file. It's likely this is sent down-link to them (which means it's sent to them, but they can't communicate back). So it's not like they have to login to Disney's servers, go into their files, and extract your info - it's sent to them in a little package that only contains the data they need.
So, Epsilon has this big file of names and email addresses, and they basically forward emails to those email addresses. They do not process payments, they do not have anything at all to do with anything but sending you your, "Disney Hello!"
I'm all for being suspicious, but I also believe in being practical which is why I've posted this stuff. Epsilon is the #1 company for this type of work (and no, I don't work for them nor did I know their name before this, LOL, so I have no interest in "protecting" them or any such thing), and this affected HUGE clients (look how many notices some of us have gotten).
This is all over CNN Money, and every other news site out there. There are federal laws that apply to financial transactions, and the sharing of financial data. This is so public if there was any question we'd have heard it by now. Epsilon did not have any financial data for anyone as they just forward emails (or at least the department that was breached did - but even so, they still do not process payments of any type - that is a credit card processor, which would be a MUCH bigger deal privacy wise.)
The worst thing that is going to happen is an increase of Spam, and possibly some phishing. Both should be completely avoidable. The only way they will get your financial info is if you get an email saying, "This is Disney, we need to verify your credit card, please email it to us/click this link to give it to us" you DO NOT go, like you wouldn't for any email that asks that. Just like PayPal tells you to never click a link in your email to "PayPal", you go to the address bar and type paypal.com so you know you are going to the right place.
If Disney's payment processor (which would be another company who's name none of us would know) had been breached, it would have been a MUCH bigger deal. People don't realize it, but when you use your Chase Credit card at Target, it doesn't just go from Target to Chase. It goes through at least one company in between, a processor, whom none of us would recognize, and if THEY had been breached, it would have been a much bigger deal.
I'm totally one for being aware of issues like this, but there is no need for anyone to worry about financial information as Epsilon simply did not have it on their computers to begin with. They just don't do that kind of work.
Perhaps they didn't for Disney, but are we sure they didn't for other companies? If you are certain, then I'm satisfied...I'm just asking the question.
Pumbas Nakasak
Heading for the great escape.
As an operations director for a small marketing company I can assure you that on some occasions financial data is passed in extracts, whether by design or accident. Thats why I was simply pointing out that it is erroneous to say they could never have it. But if they only do electronic media Im sure they will be less likely to undertake campaigns that would require use of such information.
AEfx
Well-Known Member
According to every news report I have read, the division that was compromised strictly had email addresses and names. I am by no means an expert on the company, but everything I can find says that they do nothing in the financial sector (any type of payment processing) as they are a marketing firm.
:shrug:
unkadug
Follower of "Saget"The Cult
That's my point exactly...do we know that that is all that they do...bulk emails?
It doesn't seem to me that a business that's sole job is to send out emails (that anyone could do) would be that profitable. Unless they are charging an arm and a leg for some made up service that the clients IT department should be capable of doing.
But knowing the history of Disney's website's functionality, that really comes as no surprise.
Perhaps I am just naive. But if the company that I work for wanted to send out massive emails we would just do it our self...how much of a problem is it to hit "SEND"?
Perhaps I can see our ISP balking at the bandwidth, but perhaps it would be more financially sound to upgrade our service than to pay a third party some astronomical amount to do what I could do myself. Am I wrong? What am I missing here ?
BalooChicago
Well-Known Member
If you were to send at the volume these companies need to, you'd likely get kicked off your ISP. At the very least, you'd end up with legitimate emails getting blocked from some systems as recipients rightly or wrongly click "SPAM" in their gmail, etc (Rather than unsubscribe, I bet a lot of people click "SPAM" on the Disney Destination emails, especially if they don't remember giving permission to Disney to send it to them). If your company gets put on one of the realtime email blacklists legitimate business could suffer as emails get blocked. That's the kind of thing Epsilon dealt with.
I could cut my own grass, change my own oil, make my own dinner, but sometimes it doesn't make sense to do those things myself. There evidentally are at least 2500 companies which use Epsilon for this service, clearly, they see it (or should I say, saw it) as worthwhile.
Courtney1188
New Member
Yes, it really was just e-mail addresses that were accessed, nothing else. I work for one of the many companies that use Epsilon, and as others have stated we are legally obligated to disclose absolutely everything that was accessed. And it really was just e-mail addresses. Nothing to get too excited about.
And when you have literally hundreds of thousands of customers in your database and send out at least one e-mail a week, yes, it does make sense to outsource it. When you have as many clients as Epsilon has it is actually quite profitable.
And when you have literally hundreds of thousands of customers in your database and send out at least one e-mail a week, yes, it does make sense to outsource it. When you have as many clients as Epsilon has it is actually quite profitable.