Permission email marketing outsourcer Epsilon has announced a data breach which may affect millions of individuals.

In a single-paragraph statement, the company said the breach affects “a subset” of its customer data, but does not disclose the extent of the breach. The unauthorised entry into its email system gained access “only” to customer names and email addresses, the company’s announcement says.

(Aside: while reading the brief announcement on Epsilon's site, The Register was presented with an “invalid security certificate” warning, shown below.)

As Epsilon claims to deliver more than 40 billion emails each year, “a subset” of its clients’ databases could be very large indeed.

Over the weekend, affected Epsilon customers named by various sources (such as MSNBC) included US supermarket chain Kroger, JP Morgan, Capital One, TiVo, Walgreens, Marriott Rewards and Citibank.

According to the MSNBC report, at least one of the Epsilon customers whose data was breached, Marriott Rewards, warned of more than just customer name and email being exposed. It advised customers that the information accessed included member point balances.

Most of the companies breached have warned customers to be on the alert for phishing attempts.

Other reports can be found in Security Week, the Wall Street Journal, and Bloomberg. ®

Related stories

• Travelodge blames 'vindictive individual' for email database breach (5 August 2011)
• Updated Pixmania users report scam-spam bombardment (8 June 2011)
• Hackers say Acer breach leaked data for 40,000 users (3 June 2011)
• BP loses personal details on spill victims (30 March 2011)
• Hackers make off with TripAdvisor's membership list (24 March 2011)
• RSA breach leaks data for hacking SecurID tokens (18 March 2011)
• Updated UK cyclists hit by fraud after online purchase at website (17 March 2011)
• York Uni exposes students' private info (16 March 2011)