Potential client losses are the biggest risk Epsilon faces from a data breach that exposed customers’ e-mail addresses, the marketing firm’s parent said April 6.
Alliance Data Systems Corp., the Plano, Texas-based company that operates Epsilon, said in a Securities and Exchange Commission filing it is working with federal authorities and “outside forensic experts” to investigate the incident and determine whether it should take other safety measures.
“The company’s number one priority over the near and long term will be to ensure that Epsilon’s clients regain complete trust in the company’s operations,” Alliance Data said.
Epsilon operates e-mail marketing campaigns for thousands of corporations, including large banks and retailers. On April 1, it announced that a breach of its system occurred March 30, exposing names and e-mail addresses of its clients’ customers.
The data accessed did not include personal identifiable information, such as Social Security numbers, credit card numbers or account information, Alliance Data reaffirmed in the April 6 filing.
The incident affected about 2% of Epsilon’s client base, the filing said. “The company believes the greatest risk to Epsilon and Alliance Data is the potential loss of valued clients,” it said.
The breach could lead to “spear phishing” attacks, in which a hacker targets victims who are customers of banks or other companies that it knows, security experts say.
Several of Epsilon’s bank clients, including JPMorgan Chase & Co., Citigroup Inc., and U.S. Bancorp, notified their customers of the breach over the weekend, urging them to be cautious of e-mails asking for personal information.
