The massive Epsilon e-mail data breach-which has sent to cyberthieves e-mail addresses from the files of Target, Best Buy, Kroger, Walgreens, Home Depot Credit Card, HSN, Marks and Spencer, New York & Co., Brookstone, Eddie Bauer, Ethan Allen, Fry's Electronics and countless other retailers-may be what finally pushes chains to insist that PCI-like rules be applied to all corporate information and not merely payment data.
Epsilon is merely the latest in a series of publicized, highly embarrassing incidents for retailers where they are taking a consumer black eye for breaches, ethically questionable activities or gaping security holes that were entirely handled by third parties. Whether it's supply-chain management holes perpetrated on a multi-billion-dollar retail chain, SEO efforts against JCPenney or data-backup screw-ups that crippled the American Eagle Outfitter's site for eight days, retail IT execs are learning that as long as they are going to be blamed for what third-parties do in their names, they might as well take a much more active role in beefing up protection of all customer data.
