The company responsible for one of the most publicised data breaches this year fears it may now lose some business but says that it continues to pump out marketing emails as usual.
Epsilon Interactive's parent company, Alliance Data, apologised for a data breach that has left millions of customers of some of the world's largest companies wondering if they may soon be the target of spam or phishing attacks. Marks and Spencer and Benefit Cosmetics are among the UK firms whose customers have been affected by the breach.
Alliance Data said the incident - now under investigation by US federal authorities - will have a minimal effect on its bottom line, but worried about the possible impact on its business.
"The company believes the greatest risk to Epsilon and Alliance Data is the potential loss of valued clients," Alliance Data said, but it "expects this incident to have minimal - if any - impact on Alliance Data's financial performance."
The email data breach
Alliance Data is one of the largest marketing data firms in the world. Recently, someone broke into its subsidiary's computer systems and downloaded customer names and email addresses belonging to nearly 60 Epsilon customers, who use the marketing company to send email messages to customers. Although the affected customers represented just 2 percent of Epsilon's 2,500 clients, they amount to a who's who of UK and US business.
Companies including Benefit and M&S have sent out thousands of notification emails this week, warning customers that their email addresses have been stolen, and telling them to be on the look-out for phishing messages or spam. Many consumers say they received several of these notification messages.
Security experts say that knowing people's names, email addresses and the companies they do business with makes it easier for scammers to craft believable 'spear-phishing' messages. They worry that the breach could lead to a rash of spam or targeted phishing attacks.
Neither Epsilon nor Alliance Data will say how many customers are being notified, but they say that only customer names and email addresses - not account information such as passwords or credit card details - were stolen.
'We sincerely apologise'
"We fully recognise the impact this has had on our clients and their customers, and on behalf of the entire Alliance Data organisation, we sincerely apologise," Alliance Data said. "We will leave no stone unturned and are dealing with this malicious act by highly sophisticated cyber-thieves with the greatest sense of urgency."
Alliance Data says that the 40 billion email messages that Epsilon sends out each year continue to be pumped out. "Epsilon's email volumes are not expected to be significantly impacted," the company said.
The website Databreaches.net has compiled a list of all affected companies, counting 57 organisations to date.