The firm Epsilon, which helps firms market through e-mail, said "a subset" of its clients' customer data were exposed by an unauthorized entry its e-mail system, allowing the hacker access to names and e-mail addresses, but no other data.
Disney, one of the companies reporting it was caught up in the incident, said millions of its customers' e-mail addresses had been stolen as Disney Destination's marketing database had been compromised.
Huliq reported Monday several other corporations had begun informing consumers their e-mail addresses had been pirated. Huliq said Epsilon confirmed the customer lists from Capital One, US Bank, JP Morgan Chase, Walgreens, Brookstone, Home Shopping Network and many others had been breached.
The list also includes Citi, Tivo, Ritz-Carton Rewards, Marriott Rewards, New York & Co., The College Board, McKinsey & Co., Ameriprise Financial, Kroger and LL Bean Visa Card.
U.S. retail giant Best Buy said "the e-mail addresses of some Bust Buy customers were accessed without authority," but that no data concerning credit cards had been taken.
Best Buy said it was "actively investigating," Epsilon's claim that "no other information is at risk." But the retailer warned customers to be on the alert "to any unusual or suspicious e-mails."
"As our experts at Geek Squad would tell you, be very cautious when opening links or attachments from unknown senders," the firm said in a statement.
Epsilon, which helps corporations market through e-mails, sends 40 billion e-mails per year, most of them promotional in nature.
A breach of e-mail addresses leaves consumers vulnerable to "phishing" fraud in which the hackers send e-mails that look like they are from a credible source, but then ask for confirmation on more critical information, such as credit card numbers.
The e-mail may also ask a consumer to visit a bogus company site, where they are instructed to confirm other information or make a purchase using a credit card number or bank account number.