The medical substance giant pointed out to its customers that their E-mail addresses were stored in such a way as to indicate which sites they visited. That could easily reveal the disease that was afflicting most of those visitors. This reminds us that the combination of an E-mail address and a visited domain can reveal quite a bit. What about Victoria's Secret's visitors? Or the list from 1-800-Flowers, from the perspective of a bride who knows that she certainly hasn't received any flowers recently? Or any other specialty domain? Just a thought the next time someone casually mentions that Epsilon was just an E-mail list breach.
GlaxoSmithKline Proves That An E-mail Plus A Domain Can Be A Heck Of A Lot Of Data
When the Epsilon E-mail database nightmare exploded earlier this month, the most comforting thought offered by many was that it was only E-mail addresses. Therefore, the comforting thought continued, the worst outcome would merely be an increase in SPAM. Not that many bought that line even initially, but one of the latest breach victims—GlaxoSmithKline—put that theory to rest.