Publicerad februari 22, 2023

What email marketers need to learn from the Mailchimp hack

At the beginning of the year, hackers once again attacked the newsletter service provider Mailchimp. They captured data from over 133 companies that use the Mailchimp service. This incident illustrates once again why the protection of personal data is particularly critical in email marketing. Read this blog post to find out how companies can best protect themselves against attacks and how email marketers can work in compliance with GDPR using Optimizely Campaign.

graphical user interface

While numerous cyberattacks are often successful due to technical vulnerabilities in the IT infrastructure, the Mailchimp database was apparently accessed through a concerted social engineering attack on an employee.1 This allowed the attackers to gain access to the customer support and account administration databases.However, they did not just steal the data of the 133 Mailchimp customers mentioned above. As Mailchimp is an email marketing service, it is likely that mailing lists of Mailchimp customers were also copied during the attack.2

Stolen data can be misused for phishing purposes

The effects of the attack are not yet foreseeable. However, experience from past attacks shows that stolen data and information are very likely to be used in phishing emails in particular. For example, attackers use them to fake the sending of an original newsletter to which the recipient has subscribed. This email in turn contains a link behind which the access data for more sensitive accounts - for example personal login data for online banking - is requested.

Hack particularly affects the commerce environment

The companies affected by the hack include prominent customers such as WooCommerce3, a store solution that is very popular with brands and retailers, and the crypto platform Solana.4 In these cases, it stands to reason that attackers will misuse the copied email addresses, particularly in the e-commerce context. It is therefore quite conceivable that the Mailchimp hack could be followed by wallet attacks on Solana customers, for example.

Data protection and IT security are still being neglected

Against the backdrop of this scenario, data protection and IT security are of central importance. Unfortunately, many companies neglect this aspect. The potential damage that can result from negligent handling of data protection is enormous. Legislation punishes a breach of data protection with severe fines that can amount to up to four percent of a company's global annual turnover or up to 20 million euros.5 What's more, the damage caused by data leaks also has a massive impact on customers. Ultimately, brands also suffer as a result. Corporate data leaks generally have a negative impact on the customer experience. In this case, they not only damage the brand reputation, but can also affect sales.

Dedicated compliance program ensures effective controls

For this reason, email marketers should pay very close attention to the data protection precautions that service providers offer in their solution. Solutions such as Optimizely Campaign, which are continuously being developed further, are characterized by a dedicated compliance program that ensures effective and robust controls that are subject to extremely high quality requirements.

To this end, Optimizely has had its Digital Experience Platform (DXP), the web and server-side experimentation and Campaign certified in accordance with ISO standard 27001. The standard describes a defined process and quality standard to which Optimizely voluntarily submits. It includes internal audits, critical tests, inspections, assessments and reviews of the information security system. The benefit of independent third-party certification for users is that they can be confident that Optimizely has extremely robust and effective security controls in place to protect their data.

GDPR requirements fulfilled

With this ISO setup, Optimizely customers are well equipped to fully comply with current data protection requirements. This includes the GDPR (the EU's General Data Protection Regulation).

Extensive catalog of additional security measures

An extensive catalog of specific security measures also shows that data protection and security are a high priority at Optimizely. For this reason, a special Trust Team takes care of all security, data protection and compliance measures. These range from password hashing to an intrusion detection system (IDS) and a security incident event management system (SIEM) for servers that host Optimizely products. A key aspect with regard to GDPR compliance is that the Optimizely server location is in the Federal Republic of Germany and therefore on EU territory. This is also accompanied by TIER IV server security, 24/7 security monitoring and a powerful IP filter.

Conclusion

These measures apply to all Optimizely products, including Campaign. The email marketing suite is one of the few platforms that can actually boast ISO 27001 certification. This not only protects customer data from unauthorized access. The solution also attaches great importance to data protection and supports email marketers in sending data protection-compliant messages. Campaign thus comprehensively protects its users and their customers from attacks and offers email marketers and email recipients a resilient environment that meets the highest security standards.

Omnichannel marketing trends that you can implement with Optimizely Campaign

We have prepared an eBook on Omnichannel Marketing Trends 2023 that provides you with helpful tips and tricks for future marketing campaigns. Download the eBook now and learn:

  • Why omnichannel marketing is so important in 2023,
  • why data and AI are the key to success for marketing teams and
  • which omnichannel marketing trends you should keep an eye on for the year.

Keep an eye on new features in Optimizely Campaign

Optimizely Campaign is constantly evolving. The quarterly updates are summarized on the following landing page. This will keep you up to date with the latest innovations in Optimizely Campaign.

1 See techcrunch.com
2 Cf. ibid.
3 Cf. ibid.
4 Cf. cointelegraph.com
5 https://www.datenschutz.org/dsgvo-bussgeld/