The parent company of marketing firm Epsilon said Wednesday that potential client losses are the biggest risk it faces from a data breach that exposed customers' email addresses.
Alliance Data Systems Corp., the Plano, Texas, company that operates Epsilon, said in a Securities and Exchange Commission filing that it is working with federal authorities and "outside forensic experts" to investigate the incident and determine if other safety measures should be taken.
"The company's number one priority over the near and long-term will be to ensure that Epsilon's clients regain complete trust in the company's operations," Alliance Data said.
Epsilon operates email marketing campaigns for thousands of corporations, including large banks and retailers. On Friday it announced that a breach of its system occurred March 30, exposing names and email addresses of its clients' customers.
The data accessed did not include personal identifiable information, such as Social Security numbers, credit card numbers or account information, Alliance Data reaffirmed in the filing Wednesday.
The incident affected about 2% of Epsilon's client base, the filing said.
"The company believes the greatest risk to Epsilon and Alliance Data is the potential loss of valued clients," it said.
Security experts say the breach could lead to "spear phishing" attacks, in which a hacker targets victims who are customers of banks or other companies that it knows.
Several of Epsilon's bank clients, including JPMorgan Chase & Co., Citigroup Inc., and U.S. Bancorp, notified its customers of the breach over the weekend, urging customers to be cautious of emails asking for personal information.