SecurityWeek has been able to confirm that customer names and e-mail addresses, and in a few cases other pieces of information, were compromised at several major brands in addition to Kroger including: Ameriprise Financial, Best Buy, Brookstone, Capital One, Citi, Disney Destinations, Home Shopping Network, JPMorgan Chase, LL Bean Visa Card, Marriott Rewards, McKinsey & Company, New York & Company, Ritz-Carlton Rewards, The College Board, TiVo, US Bank and Walgreens. Apparently, when asked to comment by SecurityWeek, Epsilon refused to provide additional details on what other brands may have been affected.
Because e-mail addresses are used for phishing attacks, people should verify that the e-mails are authentic before revealing personal information requested. Contacting the company allegedly making the request by directly going to their website for verification may be the safest way to deal with the request. And obviously this does not mean using a link provided in the e-mail.