How big was the Epsilon data breach?
There's been lots of discussion in the past few weeks about the data breach at Epsilon that exposed the names and email addresses of lots of people to hackers. Exactly how many records were exposed? The most recent announcement from Epsilon says:
"The affected clients are approximately 2 percent of total clients and are a subset of clients for which Epsilon provides email services."
Some estimates say that Epsilon stores information on roughly 250 million people. If the affected 2 percent of clients account for a proportional share of those records, so that PII of 2 percent of that 250 million was exposed, then PII of about 5 million people might have been exposed in Epsilon's breach.
That's a lot of PII to have exposed at once.
But a breach that exposes 5 million records doesn't really look that big when it's compared to other recent breaches. Here's a graph that I created with IBM's Many Eyes data visualization tool. It shows the relative size of recent data breaches (from the Open Security Foundation's data breach database), with a single breach of 5 million records highlighted.
This seems to tell us that a breach that exposes 5 million records really isn't very notable.
If a breach that exposes 5 million records really isn't that notable, that's a sure sign that we're losing way too much data.