Are Email Addresses Confidential Data?

Are email addresses private data? And, if so, should they be considered during a data breach?

Brian Krebs asks this intriguing question at Security Fix. When email addresses are breached or stolen, they may end up being used for targeted emails (spam or email attacks). Email addresses are powerful tools for attack, including phishing schemes designed to gain access to more personal data. Therefore, an email is like a window into personal data.

A database of email addresses & names for SunTrust & ADP employees was stolen from Salesforce.com. That data was then used in a phishing scheme which was carefully crafted. The scheme urged the employee to download a PDF in reference to an identity theft claim.

Approximately 500 people received those emails, and a few fell for the scam. The issue at hand is not phishing, as that is a fairly universal problem now, but whether or not people should be notified if their email address is breached.

Are email addresses confidential? Some would argue they are available in the public sphere. Others would argue that some remain private and that access to emails in list form increases the risk for phishing scams and potential identity theft incidents.

What do you think? Are email addresses confidential?

Tags: phishing, confidential information, business, security, data breach