Millions of names and e-mail addresses were stolen from Epsilon, which handles e-mail marketing campaigns for 2,500 companies, more than 40 of which were among those affected by the breach.
Many of the affected companies have issued warnings to customers in recent days to be on the look out for phishing and scam e-mails.
The ordeal has promted one US senator to call for an iquiry by the Attorney General to ascertain “possible civil and criminal liability” on the part of Epsilon.
Alliance Data, Epsilon and all its customers affected by the breach have emphasized that no financial details were taken, but security experts say the risk is high of receiving targeted phishing e-mails in future.
Rik Ferguson, director security research and communication at security firm Trend Micro, says that in reality the attacker not only has names and e-mail addresses, but also information about where these people shop, bank, stay on holiday and more.
Alliance Data says Epsilon is investigating the breach with federal authorities and outside forensics experts and implementing additional security protocols, according to a report from Agence France.
"We will leave no stone unturned and are dealing with this malicious act by highly sophisticated cyber thieves with the greatest sense of urgency," Alliance Data chief executive Ed Heffernan said in a statement.
Alliance Data recognizes the impact the breach has had on its clients and their customers, he added.
"On behalf of the entire Alliance Data organization, we sincerely apologize," Heffernan said.
This story was first published by Computer Weekly