US marketing firm Epsilon was hit by one of the biggest data thefts to date, the work of highly sophisticated cyber thieves, says parent company Alliance Data Systems.
Millions of names and e-mail addresses were stolen from Epsilon, which handles e-mail marketing campaigns for 2,500 companies, including Marks & Spencer and the Ritz-Carlton, which were among the more than 40 companies affected by the breach.
Both companies have issued warnings to customers in the UK in recent days to be on the look out for phishing and scam e-mails.
Alliance Data, Epsilon and all its customers affected by the breach have emphasised that no financial details were taken, but security experts say the risk is high of receiving targeted phishing e-mails in future.
Rik Ferguson, director security research and communication at security firm Trend Micro, says that in reality the attacker not only has names and e-mail addresses, but also information about where these people shop, bank, stay on holiday and more.
Alliance Data says Epsilon is investigating the breach with federal authorities and outside forensics experts and implementing additional security protocols, according to US reports.
"We will leave no stone unturned and are dealing with this malicious act by highly sophisticated cyber thieves with the greatest sense of urgency," Alliance Data chief executive Ed Heffernan said in a statement.
Data Alliance recognises the impact the breach has had on its clients and their customers, chief executive Ed Heffernan said in a statement.
"On behalf of the entire Alliance Data organisation, we sincerely apologise," Heffernan said.
Image: Email from M&S to customers, informing them of the breach at Epsilon