By Brenton Cordeiro
Bangalore, April 4 (Reuters) - Analysts remained optimistic on Alliance Data Systems (ADS.N), even as a data breach at the company's Epsilon unit exposed names and e-mails of its clients' customers, and sent its stock down nearly 7 percent.
On Friday, Epsilon, which sends over 40 billion permission-based emails annually on behalf of its 600-plus clients, said a "subset" of Epsilon clients' customer data were exposed by an unauthorized entry into Epsilon's email system. [ID:nL3E7F13F4]
Several major U.S. companies, including JPMorgan Chase & Co (JPM.N), Kroger Co(KR.N), Citigroup Inc (C.N), Walgreen Co WAG.N, TiVo Inc (TIVO.O) and Capital One Financial Corp (COF.N), confirmed that they have been affected by the breach. [ID:nN03201363]
"The security breach reported late Friday by several clients of Epsilon appears to be benign based on the nature of the data that was accessed," said David Scharf of JMP Securities, who maintained a "market outperform" rating on Alliance Data stock.
Investor concerns on the possible impact on Alliance Data both in terms of potential lawsuits and loss of clients showed on Monday, with the stock hitting an intraday low of $80.31 on the New York Stock Exchange.
"While the stock may overreact, Alliance Data may be able to successfully navigate the challenges," Stifel Nicolaus' Chris Brendler said.
Epsilon, which provides services that include database development and management, marketing analytics, and delivery services such as email communications, accounted for about 22 percent of Alliance Data's revenue in 2010.
In an interview with Reuters last November, Alliance Data CEO Edward Heffernan said Epsilon would continue to be its "shining star probably over the next couple of years," but analysts now express concerns on the possibility of lawsuits or customer losses for the unit.
"We think there is a significant possibility that Alliance Data will face monetary damages for the breach," Stifel's Brendler said. "Depending on Alliance Data's fault and response, Epsilon could face significant attrition."
The leak is limited to email addresses and customer names only, the Alliance Data unit said in a statement on Friday, but even if the leak is limited to just emails, the affected companies could be vulnerable to phishing attacks, analysts say.
"We don't believe the incident will have any significant financial implications for the company," Macquarie's Bill Carcache said and reiterated his "outperform" rating on Alliance Data's shares.
Epsilon is currently conducting an investigation into the incident, but the exact number of clients or the extent to which they have been affected is unknown for now.
Its spokeswoman Jessica Simon declined to identify which other Epsilon clients were affected by the data breach. The vendor is "cooperating with a number of authorities now, so I don't know how long it (the investigation) will take," she said.
The incident comes three years after hackers penetrated credit and debit card processor Heartland Payment Systems HPY.N to steal millions of payment card numbers, in one of the biggest identity-theft cases in the history of United States.
Heartland's stock has since rebounded, growing about 15 percent this year alone.
(Reporting by Brenton Cordeiro; Editing by Joyjeet Das)
((Brenton.Cordeiro@thomsonreuters.com; within U.S. +1 646 223 8780; outside U.S. +91 80 4135 5800; Reuters Messaging: firstname.lastname@example.org))
C Reuters 2011. All rights reserved. Republication or redistribution ofReuters content, including by caching, framing or similar means, is expresslyprohibited without the prior written consent of Reuters. Reuters and the Reuterssphere logo are registered trademarks and trademarks of the Reuters group ofcompanies around the world.