The ultimate fee for the data breach last month at email service provider Epsilon could reach as high as $4 billion, depending on what becomes of the data that was stolen, according to a cyber-risk advisory firm.

The firm's more conservative estimate for the cost of the March 30 breach is $637.5 million. That's in stark contrast to the estimate given by Ed Heffernan, the president and CEO of Epsilon's parent company, Alliance Data Systems. He projected no "meaningful" costs or liability related to the incident and that the "vast, vast majority, if not all," of Epsilon's clients would stick with the company.

But CyberFactors says it is more likely that Epsilon will lose some current customers and lose the business of potential future customers who are scared away by news of the breach.

Costs to Epsilon's customers could be $5.5 million each for notification of their customers about the theft, settlements to those customers, legal defense, compliance adjustments and loss of business, the report says.

Epsilon's costs will include all of those factors plus a forensic investigation into how the breach happened, regulatory investigations and fines, CyberFactors says.

Read more at IDG.