Dallas-based Epsilon, a permissions-based marketing company that sends 40 billion emails each year, said on April 1 that someone had gained access to its internal systems. It updated the statement on April 4, adding that only two percent of the email addresses that it holds had been compromised.
The firm did not reveal which companies had been affected, but at least some of these email addresses were used for Canadian customers of the TiVo recording service, and the electronics retailer Best Buy's Reward Zone Canada program.
"The information that was obtained was limited to first name and/or email addresses only. Your service and any other personally identifiable information were not at risk and remain secure," said Tivo, in an apologetic email to customers.
"It is possible you may receive spam email messages as a result. We want to urge you to be cautious when opening links or attachments from unknown third parties."
The TiVo emails were sent on Saturday, April 2. Best Buy, which sent its emails on April 1, said that it had been notified on March 31.
Like the others, Air Miles warned customers to be wary of spam.