Email marketing services company Epsilon's recent data breach could cost the company as much as $4 billion, according to a worst-case scenario outlined in a recent report.
Epsilon will face years of repercussions, up to $225 million in liabilities and $45 million in lost business, cyber-risk analytics and intelligence firm CyberFactors said in a report released April 29. The report broke down costs for forensics audits and monitoring, fines, litigation and lost business for Epsilon and its affected customers in a three-year outlook.
The total cost of the Epsilon breach could eventually run as high as $3 billion to $4 billion, given that compromised email addresses could be used by hackers and phishers to gain access to sites that contain consumers' personal information, according to CyberFactors. This figure includes costs to Epsilon, its customers and the individuals whose email addresses were stolen. Until a spear phishing campaign that can be directly linked to the breach occurs, the estimate remains "theoretical," according to the report.
"Cloud companies would be wise to think more like banks, insurance companies and hedge funds, and not just aggregators of the world's precious data and technology dependencies," said Regina Clark, research and analytics director for CyberFactors.
The company disclosed March 30 that attackers had breached its databases and stolen email addresses for two percent of its customers, which included major names such as Best Buy, Citibank and the Walt Disney Company. Epsilon has not revealed the number of affected consumers or the number of email addresses stolen.
Despite Epsilon's claim of two percent affected customers on an April conference call with analysts, it was more likely that the breach involved 75 companies, or three percent, of the company's client roster, according to the CyberFactors report. The repercussions, which include notifying customers and changing marketing strategies, would wind up costing $412 million. Combine that with liabilities, and Epsilon is looking at an aggregate cost of $637 million, or more than half a billion dollars, for an email database.
For more, read the eWEEK article: Epsilon Data Breach to Cost Billions in Worst-Case Scenario.