UPDATE: Apparently, a slew of hotel chains' rewards programs have also been hit by the Epsilon breach; affected chains include Hilton, Red Roof Inn, Ritz-Carlton and Marriott.
While most of these companies are understandably mum on how many customers might be at risk, it's not inconceivable that millions of users' information may have been accessed by an unauthorized party.
Epsilon, a digital marketing firm that does a fair amount of email marketing, notified its clients Friday that "an unauthorized entry into Epsilon's email system" had occurred. The firm stated at the time that the compromised data "was limited to email addresses and/or customer names only. A rigorous assessment determined that no other personal identifiable information associated with those names was at risk."
On yesterday, we knew the names of a handful of affected clients. However, we are learning today that the data breach applies to some of the largest names in retail, including Target and Best Buy. Anyone who has signed up for or opted into email or other digital marketing campaigns from these companies may have had their name and email address or addresses accessed by an unknown party.
According to an email from Target, "Epsilon took immediate action to close the vulnerability and notified law enforcement."
However, Target is now notifying customers whose information was compromised that their email addresses and names may now be in unsafe hands and is asking customers to exercise care when opening and responding to email.
The entire list of companies whose customers' data has been accessed is unknown, but we'll list the ones we know about below. We'll add more names as they become available. If you received an email that your information may have been compromised due to the Epsilon breach, please do let us know in the comments section.
Target
Best Buy
Walgreen's
Capital One
TiVo
JP Morgan Chase & Co.
Kroger
US Bank
Citi
McKinsey & Company
Ritz-Carlton Rewards
Marriott Rewards
New York & Company
Brookstone
The College Board
Home Shopping Network (HSN)
LL Bean
Disney Destinations
Barclays Bank of Delaware
The items below have been provided by Mashable readers who said they've been notified by the companies about Epsilon email breaches:
Air Miles
Red Roof Inn
AbeBooks
Hilton Honors
Beachbody
1-800-Flowers
The Home Depot
TigerDirect
New York & Company
Bebe
For marketing companies that handle customer data for multiple large corporations, security ought to be a top priority -- especially because these third parties are often a more attractive and "easy" target for black-hat hackers.
For now, customers are advised to use common sense: Don't provide sensitive information over email and don't respond to emails from senders you don't know. At the best, you might see slightly more spam than usual in your inbox. At worst, you might have your email account brute-forced and mined for other sensitive data. In either case, an extra dose of caution and an extra secure password are in order.