The Epsilon breach involved millions of addresses at some of America's best-known companies. Some security breaches can cost hundreds of dollars per compromised record.
Richard B. Levine/Newscom/File
What may be one of the biggest data breaches of all time occurred at marketing firm Epsilon. But it's the company's clients, such as Best Buy, JPMorgan, TiVo, Walgreen, and Kroger, who will end up paying the price.
Hackers accessed millions of names and e-mail addresses through Epsilon, a Dallas-based firm that manages e-mail lists for major retailers and banks.
“I would not expect Epsilon to lose significant amounts of revenue,” says Larry Ponemon, the chairman of the Ponemon Institute, a research institute in Traverse City, Mich., that publishes an annual study on the cost of data breaches. But “the companies that use Epsilon … they may actually see a loss of customer goodwill."
A loss of goodwill could make it harder for a company to retain existing customers and acquire new ones. Even when the breach was caused by a third party and is not disastrous – this one involved e-mail addresses, not customers' financial information – it can create the same level of ill will toward a company that a serious breach would.
When a company notifies a consumer of a data breach, most don't read beyond the first couple of sentences, a 2009 Ponemon Institute study found. “They’re not going to read the fine print,” Mr. Ponemon says.