Email Preferences or Security Invasion?

Tuesday, January 24, 2012

Allan Pratt, MBA


The recent Zappos security breach (whereby many of us received notification via email), caused me to recall an email I received from another well-known retailer.

The email’s subject was “We want to know more about you” and provided a link with the statement, “Please take a few seconds to tell us more about your interests.” But, what exactly does that mean?

Does that mean: customize my email preferences, whereby I will tell the retailer how often I want to receive emails? Or does that mean I should provide my favorite color, my shirt size, my pants size, and my shoe size? And how about sizes and preferences for all family members?

Where do I draw the line about providing personally identifiable information? And what happens to the information I provide? Will the retailer ever sell the information – and what happens if the company’s database is hacked? All we need to do is remember Zappos!

I checked out the link, and it was a landing page on the retailer’s main website that asked for my preferences under the guise of being able to send me emails more often with ads, latest products, sale announcements, recommended items to purchase, etc. – all based on my alleged interests and preferences.

I say alleged because I already receive many of these types of emails – because much of the information can be ascertained based on previous purchases. So why the request for the information? Has this retailer also had its security breached?

Have you received similar emails? If yes, what did you do? Did you just delete them?

Allan Pratt, an infosec consultant, represents the alignment of marketing, management, and technology. With an MBA Degree and four CompTIA certs in hardware, software, networking, and security, Allan translates tech issues into everyday language that is easily understandable by all business units. Expertise includes installation and maintenance of hardware, software, peripherals, printers, and wireless networking; development and implementation of integration and security plans; project management; and development of technical marketing and web strategies in the IT industry. Follow Allan on Twitter ( and on Facebook (

Cross-posted from Tips4Tech

Possibly Related Articles:
Email breaches Privacy Databases Security Awareness Retail Data Loss Prevention Security Personally Identifiable Information Consumers National Cybersecurity Awareness Month Allan Pratt
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.