The $100 million price tag includes direct costs Alliance Data Systems will have to pay to upgrade information security systems, conduct audits, and pay possible fines, as well as indirect costs of lost sales, according to analysts consulted by Reuters news service.
Alliance said it only expects a “minimal if any impact” on its financial performance, guidance, or overall future outlook from the Epsilon breach.
However, Larry Ponemon, head of the Ponemon Institute, estimates that Alliance Data faces a cost of at least $20 per compromised record and that hackers probably obtained names or email addresses of at least 100,000 customers at each of Epsilon clients. Security site threatpost.com has listed over 50 companies that have notified customers of the breach. This would bring the total cost to $100 million, Reuters noted.
Josh Shaul, chief technology officer with Application Security, thinks the Ponemon estimate of 100,000 customers per client is low. He told Reuters that Epsilon sends out 40 billion emails annually.
Deepak Taneja, an analyst with Aveksa, said the costs could be higher if Epsilon clients seek to recover costs associated with the breach – such as alerting customers – from Alliance Data.