NEW YORK More U.S. companies, including Target Corp (TGT.N) and Marriott International MAR.N, came forward on Monday to tell their customers that their names and email addresses had been exposed in a massive online data breach.
Last week, a computer hacker penetrated the online marketer Epsilon, which controls the customer email databases for a broad swath of companies, from Citigroup to Walgreen.
In what could be one of the biggest such breaches in U.S. history, companies from banks and retailers to student-testing organizations have warned customers that some of their electronic information had been compromised.
The disclosures continued on Monday, as Epsilon indicated that the breach had hit about 50 companies in all. Discount retailer Target and hotel chains Marriott and Blackstone Group LP's (BX.N) Hilton Hotels informed their customers that their names or email addresses had been part of the data breach.
Epsilon, an online marketing unit of Alliance Data Systems Corp (ADS.N), sends more than 40 billion email ads and offers annually, usually to people who register for a company's website or who give their email addresses while shopping.
Security experts said the massive data breach should only put customers at risk if they respond to camouflaged emails seeking their credit card and other financial information.
The discount retailer sent an email to customers on Monday evening, telling them that their email addresses may have been compromised but "no personally identifiable information, such as names and credit card information, was involved."
The company said in an emailed statement on Monday night that "email addresses used for promotions and marketing were exposed."
The hotel operator responded to the Epsilon data breach on its website on Monday, saying that "the unauthorized person(s) had access to names and email addresses only. They did not have access to sensitive customer information, such as physical addresses, point balances, account logins and passwords, credit card information or other personal data."
The hotel operator told customers on Monday that their names and email addresses were part of the breach.
"The files accessed did not include any customer financial information. ... The most likely impact, if any, would be receipt of unwanted e-mails," Hilton told customers in an email.
The company did not respond to requests for comment.
US BANCORP (USB.N)
The Minneapolis bank confirmed on Monday that some of its customers' email addresses had been exposed in the Epsilon breach.
"No financial information is shared with Epsilon," spokeswoman Teri Charest wrote in an emailed statement.
The companies who said since Friday that their customers' names or email addresses were exposed in the Epsilon data breach include:
JPMorgan Chase & Co (JPM.N), the second-largest U.S. bank
Citigroup Inc (C.N), the third-largest U.S. bank
Capital One Financial Corp (COF.N), a bank and credit card lender
Kroger Co (KR.N), the biggest U.S. supermarket operator
Walgreen Co WAG.N, the largest U.S. drugstore
Best Buy Co (BBY.N), the largest U.S. consumer electronics chain
TiVo Inc (TIVO.O), a maker of digital video recorders
HSN Inc (HSNI.O), a teleshopping company
The College Board, which administers the SAT admissions tests and represents some 5,900 colleges, universities and schools (Reporting by Maria Aspan and Martinne Geller)