Epsilon Pledges to Build 'Fort Knox' Around Breached System

Epsilon plans to increase security measures following a March 30 data breach.

By Grant Gross
Thu, April 21, 2011

IDG News Service — E-mail marketing giant Epsilon will build an industry-leading security system in response to a March 30 breach in which thieves gained access to the e-mail addresses and names of partners' customers, the CEO of Epsilon's parent company said Thursday.

Epsilon had "very strong" security measures in place before the breach, but additional improvements are coming, said Ed Heffernan, president and CEO of Alliance Data Systems.

"Bottom line, we will emerge not just with strong security protocols, but industry-leading," he said. "We're essentially going to build Fort Knox around this thing. We've taken the position now that it's not good enough to be at or above the industry [standard], we need to be the absolute leader in the industry because we are the largest player."

Epsilon's e-mail marketing technologies will sacrifice some flexibility and user-friendliness for security, Heffernan said during a conference call about his company's quarterly profits. Heffernan didn't disclose what new security measures the company planned to take.

The breach affected about 2 percent of Epsilon's clients, Heffernan said. Best Buy (BBY), JPMorgan Chase (JPM) and the Kroger (KR) supermarket chain were among the Epsilon clients that warned their customers about the breach.

Several clients have expressed frustration over the incident, Heffernan said. The company plans to do "whatever it takes" to restore relationships with clients, he said.

"While knowing we are the victim of this crime, we will not be playing that card," he said. "Rather, we view our role as standing up and taking the hit for what these cyber-crooks did. We will learn from the experience and come out stronger than ever."

Still, Alliance Data Systems projected no "meaningful" costs or liability related to the incident, Heffernan said. E-mail volumes have remained at the expected levels, and the company expects no changes in Epsilon's financial results going forward.

The company expects the "vast, vast majority, if not all," of Epsilon's clients to remain with the company, he said. Client retention will be a top priority at Epsilon moving forward, company officials said.

The company detected "abnormalities" in its e-mail marketing system on March 30 and began notifying clients and U.S. law enforcement officials within 24 hours, Heffernan said.

Heffernan declined to discuss details of the breach.

Epsilon's investigation found that e-mail addresses and names were stolen, but no personally identifiable information (PII), such as account numbers or credit card numbers, he said.

"Stolen e-mail addresses are certainly bad, but stolen PII is what we would call really, really bad," he said.

Alliance Data Systems officials called their first quarter earnings "strong." Epsilon's revenue increased 23 percent to $156 million from the first quarter of 2010. The breach happened one day before the first quarter ended.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is grant_gross@idg.com.
