The highly publicized data breach of email service provider Epsilon could cost the organization upwards of four billion dollars. This estimate comes from a report done by cyber risk advisory firm CyberFactors, and is dependent on what is done with the data.
According to CSO.com
"That figure [$4 billion] could be reached if criminals get hold of the email addresses and successfully exploit them to gather more personal information and carry out a spear-phishing blitz, according to the report. 'However, until such an event takes place and can be directly linked back to this specific breach, the estimate remains theoretical, but certainly possible given the multitude of sites that use email addresses as user IDs,' the report says."
The report goes on further to estimate that the Costs to Epsilon's customers could be $5.5 million each for notification of their customers about the theft, settlements to those customers, legal defense, compliance adjustments and loss of business.
In contrast to this report CEO of Alliance Data Systems, Epsilon's parent company, Ed Heffernan says he sees no meaningful cost or liability stemming from the incident and that they will not see the customer churn that often follows a breach.
Although Heffernan believes he will not see significant costs as a result of the breach, the widely known act could hold weighty impacts to Epsilon and even Alliance Data’s brand. If Epsilon is lucky, the company has the potential to escape any non-compliance fines, but this does not mean they will be free of detrimental brand impact. Brand losses are approximately 49% of the cost of a data breach and Heffernan may not be taking this into account when he states that the cost will not be meaningful.
If you were a company who needed third party email services, would you want to do business with a company that had more than a million customer records at risk? Probably not. A tactical data loss prevention strategy may have saved this company, and those customers affected by the breach the trouble this breach has presented.
No comments:
Post a Comment