More U.S. companies, including Target and Marriott International came forward to tell their customers that their names and email addresses had been exposed in a massive online data breach.

Last week, a computer hacker penetrated the online markeeter Epsilon, which controls the customer email databases for a broad swath of companies, from Citigroup to Walgreen.

In what could be one of the biggest such breaches in U.S. history, companies from banks and retailers to student-testing organizations have warned customers that some of their electronic information had been compromised.

The disclosures continued on Monday, as Epsilon indicated that the breach had hit about 50 companies in all. Discount retailer Target and hotel chains Marriott and Blackstone Group LP's Hilton Hotels informed their customers that their names or email addresses had been part of the data breach.

Epsilon, an online marketing unit of Alliance Data Systems, sends more than 40 billion email ads and offers annually, usually to people who register for a company's website or who give their email addresses while shopping.

Security experts said the massive data breach should only put customers at risk if they respond to camouflaged emails seeking their credit card and other financial information.


The discount retailer sent an email to customers on Monday evening, telling them that their email addresses may have been compromised but "no personally identifiable information, such as names and credit card information, was involved."

The company said in an emailed statement on Monday night that "email addresses used for promotions and marketing were exposed."


The hotel operator responded to the Epsilon data breach on its website on Monday, saying that "the unauthorized person(s) had access to names and email addresses only. They did not have access to sensitive customer information, such as physical addresses, point balances, account logins and passwords, credit card information or other personal data."


The hotel operator told customers on Monday that their names and email addresses were part of the breach.

"The files accessed did not include any customer financial information. ... The most likely impact, if any, would be receipt of unwanted e-mails," Hilton told customers in an email.

The company did not respond to requests for comment.

The Minneapolis bank confirmed on Monday that some of its customers' email addresses had been exposed in the Epsilon breach.

"No financial information is shared with Epsilon," spokeswoman Teri Charest wrote in an emailed statement.


The companies who said since Friday that their customers' names or email addresses were exposed in the Epsilon data breach include JPMorgan Chase & Co, Citigroup, Capital One, Kroger (the biggest U.S. supermarket operator), Walgreen, Best Buy, and TiVo.