Important notice from A Random Corporation™ with my personal data

Outsourcing is wonderful, because you don’t have to do the dirty work yourself.

Outsourcing sucks, because you’re at the mercy of the quality (or lack thereof) of your new bestest friend partner … who’s never quite as pretty as during the days you were dating.

I don’t know if you’ve gotten any of these Dear John letters from major hotel chains lately, but I’ve gotten three. Here’s the one from Marriott:

April 4, 2011

Dear Marriott Customer,

We were recently notified by Epsilon, a marketing vendor used by Marriott International, Inc. to manage customer emails, that an unauthorized third party gained access to a number of Epsilon’s accounts including Marriott’s email list.

In all likelihood, this will not impact you. However, we recommend that you continue to be on the alert for spam emails requesting personal or sensitive information. Please understand and be assured that Marriott does not send emails requesting customers to verify personal information.

We take your privacy very seriously. Marriott has a long-standing commitment to protecting the privacy of the personal information that our guests entrust to us. We regret this has taken place and apologize for any inconvenience.

Please visit our FAQ to learn more.


Marriott International, Inc.

The Epsilon mentioned is marketing-as-usual-not-a-chance … an email marketing firm that manages 2500 clients’ email campaigns and sends out 40 billion emails a year, according to this Fast Company story about the security breach.

Apparently the breach affected only 2% of its clients, which is still more than 50 large companies … companies that most people would recognize (see the full list at SecurityWeek).

I’m guessing my name and email address are among the breached ones, seeing as how I’ve received 3 emails from 3 different companies telling me that I may be affected … and that Marriott is among the listed companies at SecurityWeek.

Ahh well … I’m public enough with all my data to be a major spam target anyways.

The major downside of outsourcing critical customer intelligence like this? Creating super-delectable targets for spammers and hackers.

With data from many massive companies all housed in one place … it’s a big temptation. A big target.

And a single breach exposes a LOT of data.


1 Comment

  • John, as I’m sure you’d agree, outsourcing such tasks is becoming more and more of a necessity in today’s business world. With that, though, comes the added risk taking that goes with it. One of the main risks is that the client side (e.g. The Marriott) is taking it on good faith that the security surrounding the data being housed by the service provider (e.g. Epsilon) is good enough to ward off any attempted unauthorized access. With that said, there will only be so much that a company will be able to do. Why? Because for most, the up-front cost of housing and administrating one’s own email services is much greater than outsourcing it to a service provider that can use economies of scale to keep cost (for their customers) down. Cost down to the point that it makes sense for the potential customer to be a customer of theirs. It would be very interesting to examine how much it truly costs the customer to outsource a service rather than perform the service themselves. Especially when one puts into the entire equation the cost of the customer needing to address and resolve issues that can arise with the outsourcing vendor (e.g. breach of customer data).

    Good stuff and thanks for sharing!