Business report
E-commerce and data security
The phishers' big catch
A large theft of company e-mail lists causes controversy
AN OUTRAGED consumer-advocacy group is calling it the Fukushima of the e-mail industry.
Comparing mere data theft to Japan's nuclear nightmare is perhaps a bit over the top.
But the theft of data from Epsilon, a marketing-services company, has nonetheless caused widespread concern.
On April 1st Epsilon revealed that an outsider had managed to get hold of the e-mail addresses and names of some individuals that it held on its system.
Many millions of records are reportedly involved, although Epsilon, which is still investigating the cause of the leak, refuses to confirm the exact number.
This is hardly the first time that a big security breach has led to the mass theft of digital data.
But the fallout from the Epsilon debacle will spread far and wide.
The company sends out more than 40 billion e-mails a year on behalf of many of America's biggest companies, including Target, one of the country's largest retailers, JPMorgan Chase, a bank, and the McKinsey Quarterly, a management journal.
Marks & Spencer, a big British retailer, was also among those whose e-mail list was stolen.
Epsilon says that only 2% of its 2,500 clients have been affected by the leak, but given the size of some of those outfits, this is not much consolation.
Many of the firms involved have been scrambling this week to let their customers know—by e-mail, inevitably—that their personal data may have been compromised.
Some security experts argue that the fuss over the leak is overblown.
They say that e-mail addresses are far less sensitive pieces of information than, say, medical or financial records.
People often post their addresses on their Facebook pages, or print them on their business cards.
Bruce Schneier, an internet-security expert, thinks it is a bit like worrying about spammers stealing a copy of the telephone directory.
All it would do is make their task a bit easier.
Other observers are taking the leak more seriously because the thief stole, in effect, companies' customer lists, and this would allow anyone who buys the lists to aim carefully crafted e-mails at those customers that appear to come from trusted businesses, asking them to "update your account details" or otherwise reveal further sensitive information, a scam known as spear-phishing.
Condé Nast, publisher of Vogue, recently lost almost $8m after falling for a fake e-mail purportedly from one of its printers, asking it to divert payments to a different bank account.
If a flood of dodgy e-mails does now appear, it will certainly damage the reputations of the firms that gave Epsilon their customers' data.
Many of them, including Marriott International, a hotel chain, have been quick to blame the marketing firm for the leak and to alert their customers to the risks.
But this may not be enough to spare them from criticism.
"Given the size of Marriott, why would you trust a third party to have this information in the first place?" wrote a disgruntled commenter on the hotelier's website.
Customers may ask themselves whether companies that cannot keep a simple e-mail list safe can be trusted with more sensitive things, like their credit-card details.
They also have reason to worry that other, more serious, leaks are being hushed up.
"The Epsilon case is just the public tip of an iceberg," says Jeff Hudson of Venafi, a data-security firm.
Many instances of data loss, he says, are simply not reported.
Epsilon's leak comes at a time when the authorities in America are taking a hard look at the way people's electronic data are dealt with.
On April 4th it emerged that federal prosecutors in New Jersey are examining how software applications for smartphones collect and share data, amid suspicions that privacy laws have been broken in some cases.
Government officials are also formulating new online-privacy rules that will give people greater control over the way information is collected about them on the web.
The Epsilon episode will surely encourage them to take a strict line on all sorts of data-handling.