The companies all use the same marketing and communications vendor called Epsilon, a leading marketing services firm. Epsilon, based in Dallas, issued a brief statement on Friday saying "a full investigation was under way" following the discovery of the breach of some customer client data. The company had said that information obtained was "limited to email addresses and /or customer names only and that "a rigorous assessment determined no other personal identifiable information associated with the names was at risk."
Epsilon spokeswoman Jessica Simon, who was reached by phone late Sunday, declined to comment beyond the contents of the press release.
Several of the companies affected said Epsilon informed them of the breach and told them the compromised files do not include any personally identifiable information stored with the marketer.
Best Buy tweeted a link to a statement Sunday, saying it was doing its own investigation of the breach. The nation's largest consumer electronics chain also reminded customers to ignore emails asking for confidential information. Meanwhile, Delaware-based Barclays Bank, which issues Visa credit cards on behalf of L.L. Bean, sent emails to its customers warning of the breach but assured them that their credit card numbers are safe. However, it cautioned they could be subject to spam seeking personal information.
TiVo and Walgreens on Saturday issued similar warnings.
JPMorgan Chase & Co. and grocery operator Kroger Co, which also use Epsilon to send emails, said Friday they had been affected by the breach. JPMorgan said the files concerned did not include customers' financial details. Kroger said that while a database with customer names and email addresses had been breached, no information connected with consumers' 1-2-3 Rewards MasterCard account had been involved.
