Computer hackers gained access to the email addresses of customers of several large US banks and other companies in a potentially huge data breach at US online marketing firm Epsilon.
Banking firms Citigroup, JPMorgan Chase and Capital One, retailers Best Buy and Kroger and home entertainment provider TiVo were among those informed by Epsilon that some customer email addresses had been compromised.
Hilton Worldwide and the College Board, which administers nationwide scholastic tests, were also among those informing customers of the breach.
The Irving, Texas-based Epsilon, a marketing vendor used by 2,500 companies around the world to send more than 40 billion emails a year, said the hackers obtained email addresses and customer names but no other information.
"A subset of Epsilon clients' customer data were exposed by an unauthorized entry into Epsilon's email system," the company said in a brief statement.
"The information that was obtained was limited to email addresses and/or customer names only," it said. "A rigorous assessment determined that no other personal identifiable information associated with those names was at risk."
Epsilon said it detected the breach on March 30 and that an investigation is under way.
Citi told customers that "no account information or other information was compromised" and Capital One said it had been told the compromised files did not include any personally identifiable or customer financial information.
JPMorgan Chase said it had been "advised by Epsilon that the files that were accessed did not include any customer financial information, but are actively investigating to confirm this."
Hilton Worldwide told its customers that the most likely impact of the data breach "if any, would be receipt of unwanted emails."
The College Board said Epsilon did not have access to social security numbers or credit card data but "it is possible you may receive spam email messages as a result (of the data breach)."
Online travel site TripAdvisor said last month that hackers stole a portion of its email member list.
Explore further: No consensus on how to notify data breach victims