Epsilon confirms that no financial data was breached, as it admits that the potential loss of clients is its greatest risk
Epsilon has reconfirmed that no personal identifiable information was compromised in the recent breach of its database. In a statement, its parent company Alliance Data Systems said that the unauthorised entry only saw email addresses and/or customer names taken and not social security numbers, credit card numbers or account information.
Ed Heffernan, chief executive officer of Alliance Data Systems, said: “We fully recognise the impact this has had on our clients and their customers and on behalf of the entire Alliance Data organisation, we sincerely apologise.
“While we can't reverse what has already happened, we are taking every measure necessary to protect our clients and their most valuable assets, their customers. Once detected, we took immediate action to implement additional safeguards and launched a full investigation. We will leave no stone unturned and are dealing with this malicious act by highly sophisticated cyber thieves with the greatest sense of urgency."
Epsilon confirmed that two per cent of its email clients' customer information had been exposed by an unauthorised entry into its email system. It said that since that discovery, rigorous internal and external reviews continue to confirm that only email addresses and/or names were compromised. It is now working with Federal authorities and outside forensics experts to both investigate this matter and to ensure that any additional security safeguards needed will be promptly implemented.
Epsilon also confirmed that security protocols controlling access to the system have undergone a rigorous review and access has been further restricted as the ongoing investigation continues. It said that marketing campaigns were restarted as clients continued to receive further assurance regarding security.
“The company believes the greatest risk to Epsilon and Alliance Data is the potential loss of valued clients. Specifically, the company's number one priority over the near and long-term will be to ensure that Epsilon's clients regain complete trust in the company's operations. All efforts will be made to reach out to those affected clients and provide whatever assistance is needed to preserve their business over the long term,” it said in a statement.
Bryan J. Kennedy, president of Epsilon, said: “We are extremely regretful that this incident has impacted a portion of Epsilon's clients and their customers. We take consumer privacy very seriously and work diligently to protect customer information.
“We apologise for the inconvenience that this matter has caused consumers and for the potential unsolicited emails that may occur as a result of this incident. We are taking immediate action to develop corrective measures intended to restore client confidence in our business and in turn regain their customers' confidence."
Source: http://www.scmagazineuk.com/epsilon-confirms-that-no-financial-data-was-breached-as-it-admits-that-the-potential-loss-of-clients-is-its-greatest-risk/article/200122/