The retailer has issued warnings to customers to expect an increase in spam e-mail, as have other, mainly US-based, companies that use Epsilon's services, including the hotel chains Marriott and Hilton, Best Buy, TiVo, Walgreens and JPMorgan Chase.
"Epsilon, our e-mail marketing supplier has informed us that a number of its clients' files have been accessed without authorisation, including Marks & Spencer," the company said.
Like Epsilon, Marks & Spencer has assured customers that financial details are safe, but security experts say the risk is high of receiving targeted phishing e-mails in future.
Rik Ferguson, director security research & communication at security firm Trend Micro, says that in reality the attacker not only has names and e-mail addresses, but also information about where these people shop, bank, stay on holiday and more.
This story was first published by Computer Weekly