Email marketing company Epsilon announced last week that its databases had been hacked, compromising customer names and e-mail addresses for a number of major companies that outsource their marketing communications to Epsilon.

The Epsilon data breach illustrates some of the security challenges when dealing with cloud computing environments.  Although there are security risks associated with any outsourcing solution, the potential effect of a breach is magnified in a multi-tenant cloud.  Only 2% of Epsilon’s estimated 2,500 clients were affected by the attack, and that still amounted to millions of exposed records.  According to one estimate, the total number of affected individuals could be as high as 100 million. 

Dave Frankland of Forrester Research observes that this incident may cause companies to question whether a multi-tenant deployment model is the best way to process customer data, given that a single breach can give a perpetrator access to a wealth of data. 

Considering the scale of the breach, it is unsurprising that a number of lawmakers are requesting more information about the incident:

  • The U.S. Secret Service is reportedly investigating the breach, as is the Australian Federal Privacy Commissioner.  Sen. Richard Blumenthal (D-CT) has asked U.S. Attorney General Eric Holder to investigate as well. 
  • Sen. Al Franken (D-MN), chairman of the Senate Subcommittee on Privacy, Technology and the Law, told Politico that he would be keeping an eye on the situation.  “Most of the people affected by the Epsilon breach had never heard of that company before this week,” Franken said in a statement. “We need to give Americans more awareness about who has their information and greater ability to protect it.”
  • On the House side, Reps. Mary Bono Mack (R-CA) and G.K. Butterfield (D-NC) sent Epsilon’s parent company a list of questions regarding the incident and the firm’s response.  Said Ken Johnson, one of Rep. Bono Mack’s senior advisers, “There’s a very good chance we will hold a hearing to try and find out what went wrong and what needs to be done to better protect American consumers.”