TEL AVIV (MarketWatch) – A data breach at the world’s largest provider of permission-based marketing-email services may have enabled unauthorized people to access the names and email addresses for customers of major financial-services, retailing and other companies, company statements and media reports say.

On April 1, Epsilon, the Dallas provider of email services for companies, said in a news release that on March 30, “A subset of Epsilon clients’ customer data [was] exposed by an unauthorized entry into Epsilon’s email system.

Did someone steal your tax refund?

“The information that was obtained was limited to email addresses and/or customer names only. A rigorous assessment determined that no other personal identifiable information associated with those names was at risk. A full investigation is currently underway.”

Companies including Walgreen Co., WAG, +0.89% the Deerfield, Ill., drugstore chain; J.P. Morgan Chase & Co. JPM, +0.96% and Capital One Financial Corp., COF, +2.00% the financial-services providers based in New York and McLean, Va., respectively; New York & Co., NWY the New York apparel chain; and Kroger Co., KR, +0.41% the Cincinnati supermarket operator, said they were informed by Epsilon that files related to their customer bases might have been exposed.

SecurityWeek, which follows the Internet- and enterprise-security industry, reported that other companies affected by the breach included Citigroup C, +1.62% and US Bancorp, USB, +1.55% the New York and Minneapolis financial-services firms, retailer Brookstone, consultants McKinsey & Co., the hotel chains Marriott International Inc. MAR, -0.68% and Ritz-Carlton, and TiVo Inc., TIVO the Alviso, Calif., provider of digital-video-recording solutions.

A number of the companies warned their customers not to open email from unfamiliar senders and said that they don’t ask for personal information, like credit-card and Social Security numbers, via email.