E-mail marketing giant Epsilon will build an industry-leading security
system in response to a March 30 breach in which thieves gained access
to the e-mail addresses and names of partner's customers, the CEO of
Epsilon's parent company said Thursday.
Epsilon had "very strong" security measures in place before the
breach, but additional improvements are coming, said Ed Heffernan,
president and CEO of Alliance Data Systems.
"Bottom line, we will emerge not just with strong security protocols,
but industry-leading," he said. "We're essentially going to build Fort
Knox around this thing. We've taken the position now that it's not
good enough to be at or above the industry [standard], we need to be
the absolute leader in the industry because we are the largest
player."
Epsilon's e-mail marketing technologies will sacrifice some
flexibility and user-friendliness for security, Heffernan said during
a conference call about his company's quarterly profits. Heffernan
didn't disclose what new security measures the company planned to
take.
The breach affected about 2 percent of Epsilon's clients. Heffernan
said. Best Buy, JPMorgan Chase and the Kroger supermarket chain were
among the Epsilon clients that warned their customers about the
breach.
Several clients have expressed frustration over the incident,
Heffernan said. The company plans to do "whatever it takes" to restore
relationships with clients, he said.
"While knowing we are the victim of this crime, we will not be playing
that card," he said. "Rather, we view our role as standing up and
taking the hit for what these cyber-crooks did. We will learn from the
experience and come out stronger than ever."
Still, Alliance Data Systems projected no "meaningful" costs or
liability related to the incident, Heffernan said. E-mail volumes have
remained at the expected levels, and the company expects no changes in
Epsilon's financial results going forward.
The company expects the "vast, vast majority, if not all," of
Epsilon's clients to remain with the company, he said. Client
retention will be a top priority at Epsilon moving forward, company
officials said.
The company detected "abnormalities" in its e-mail marketing system on
March 30 and began notifying clients and U.S. law enforcement
officials within 24 hours, Heffernan said.
Heffernan declined to discuss details of the breach.
Epsilon's investigation found that e-mail addresses and names were
stolen, but no personally identifiable information (PII), such as
account numbers or credit card numbers, he said.
"Stolen e-mail addresses are certainly bad, but stolen PII is what we
would call really, really bad," he said.
Alliance Data Systems officials called their first quarter earnings
"strong." Epsilon's revenue increased 23 percent to $156 million from
the first quarter of 2010. The breach happened one day before the
first quarter ended.
No comments:
Post a Comment