Seeking to reassure investors that the effects of the recent cyberattack on the e-mail marketing operations of its Epsilon unit will be minimal, parent Alliance Data Systems Corp.’s chief told analysts April 21 that, although the event made clients angry and frustrated, it has not resulted in any significant falloff in business.
Moreover, because no critical personal consumer information was exposed, the attack also should be labeled as merely an “incident” and not an official data breach, Ed Heffernan, Alliance president and CEO, told analysts during a conference call to discuss first-quarter earnings (
The unauthorized March 30 access to Epsilon’s files that exposed millions of consumers’ e-mail addresses and names was “certainly bad,” Heffernan admitted. But the incident affected only about 2% of Epsilon’s client base, and so far the company has not experienced a defection of clients or a slowdown in its e-mail marketing business (
“E-mail volumes have largely remained at expected run rates,” Heffernan said, noting the company is putting “all hands on deck to continue our efforts to rebuild any damaged client relationships” and that he expects the vast majority of Epsilon clients, if not all, to remain with the company.
Though external investigations of the incident continue, the company also expects no meaningful costs or liability to emerge from it, Heffernan said.
Alliance also has begun taking steps to add a number of new security layers to its Epsilon e-mail marketing operations and “build Fort Knox” around it, even if it means making the enhanced system “a little less user-friendly and a little less flexible,” Heffernan said.
Declining to provide technical details of how the attack occurred, Heffernan said Epsilon on March 30 detected “abnormalities” suggesting there had been unauthorized entry to its systems, and within 24 hours the company had determined the extent of the exposure. Immediately afterward, Alliance notified federal authorities and all affected clients.
In the midst of the “feeding frenzy” surrounding news of the incident, there were reports of unauthorized entry into a number of companies that were not Epsilon clients, Heffernan noted. “So there was a lot of misinformation out there in the market, which again I can only suggest that this is a broader issue for the whole industry,” he said, noting Alliance plans to take a leadership role in helping to prevent data breaches as a whole.
After a thorough internal investigation of the incident, “our clients essentially said OK, (and they were) blasting out (e-mail) campaigns within 48 hours of the incident,” Heffernan said.
What do you think about this? Send us your feedback.
