In March 2011, hackers stole millions of names and e-mail addresses from the Dallas-based marketing firm. Epsilon handles e-mail lists for major retailers and banks like Best Buy, JPMorgan, TiVo, Walgreen, and Kroger. A study by CyberFactors, a cyber risk analytics company, estimates that the breach could cost between $225 million and $4 billion, depending on what happens with the stolen data, Business Wire reports. Mr. Ponemon offers a lower estimate: at least $100 million, with most of the lost costs going toward losing customers due to a damaged reputation. Ponemon says that because the stolen data was e-mail information, the costs won't be as high as if financial information had been stolen.