The parent company of the marketing firm Epsilon said potential client losses are the biggest risk it faces from a data breach that exposed customers' email addresses.
Alliance Data Systems Corp. of Plano, Texas, which operates Epsilon, said Wednesday in a Securities and Exchange Commission filing that it is working with federal authorities and "outside forensic experts" to investigate the incident and determine if other safety measures should be taken.
"The company's No. 1 priority over the near and long term will be to ensure that Epsilon's clients regain complete trust in the company's operations," Alliance Data said.
Epsilon operates email marketing campaigns for thousands of corporations, including large banks and retailers. On April 1 it announced that a breach of its system occurred March 30, exposing names and email addresses of its clients' customers.
Several of Epsilon's bank clients, including JPMorgan Chase & Co., Citigroup Inc. and U.S. Bancorp, notified customers of the breach over the weekend, urging them to be cautious of emails asking for personal information.
The data accessed did not include personal identifiable information, such as Social Security numbers, credit card numbers or account information, Alliance Data reaffirmed in the filing Wednesday.
The incident affected about 2% of Epsilon's client base, the filing said. "The company believes the greatest risk to Epsilon and Alliance Data is the potential loss of valued clients," it said.