I worked for RSA for 4 years, both before and after EMC acquired them (I was not working there when the break-in occurred). The security experts at RSA are not the people that are running EMC corporate IT. When the acquisition occurred, RSA IT was one of the first groups to be let go. EMC IT policy seemed to be more worried about meeting regulations for compliance than for implementing security policies that actually made sense.

Epsilon Informs AbeBooks of E-mail Database Breach

We have been informed by Epsilon, a third-party vendor we use to send e-mails, that an unauthorized person outside their company accessed files that included e-mail addresses of some AbeBooks customers. Epsilon has advised us that the files that were accessed did not include any customer information other than email addresses.

As a reminder, AbeBooks will never ask customers for personal or account information in an e-mail. Please exercise caution if you get any emails that ask for personal information or direct you to a site where you are asked to provide personal information.

The last thing you want is users writing ad-hoc queries against your live data. Replicate the data to a reporting database and let them abuse that.