Best Buy Co., TiVo Inc., and Walgreen Co. are the latest in a seemingly endless string of companies to warn over the weekend that hackers gained access to customers' files, including email addresses.
The companies all use the same marketing and communications vendor, Epsilon. It's a leading marketing services firm that sends more than 40 billion emails annually and has more than 2,500 clients including seven of the Fortune 10. Epsilon, based in Dallas, issued a brief statement on Friday saying "a full investigation was under way" following the discovery of the breach of some customer client data. The company said that information obtained was limited to names and email addresses and that "no other personal identifiable information associated with the names was at risk."
Epsilon spokeswoman Jessica Simon declined to comment further late Sunday.
The companies affected said Epsilon informed them of the breach and told them the compromised files do not include any personally identifiable information stored with the marketer. However, hackers could use these email addresses to trick customers into providing more personal information such as Social Security numbers.
Best Buy, the nation's largest consumer electronics chain, tweeted a link to a statement Sunday, saying it was doing its own investigation of the breach. It also reminded customers to ignore emails asking for confidential information. And Delaware-based Barclays Bank, which issues Visa credit cards on behalf of L.L. Bean, sent emails to its customers warning of the breach but assured them that their credit card numbers are safe. However, it cautioned they could be subject to spam seeking personal information.
TiVo and Walgreens issued similar warnings Saturday.
JPMorgan Chase & Co. and grocery operator Kroger Co, which also use Epsilon to send emails, said Friday they had been affected by the breach. JPMorgan said the files concerned did not include customers' financial details. Kroger said that while a database with customer names and email addresses had been breached, no information connected with consumers' 1-2-3 Rewards MasterCard account had been involved.