NEW YORK — With the possible theft of millions of consumer e-mail addresses from an advertising company, several large companies have started warning customers to expect fraudulent e-mails that try to coax account login information from them.
A dozen companies said over the weekend that hackers may have learned their e-mail addresses because of a security breach at a Dallas-based company called Epsilon that manages e-mail communications.
Among the affected companies are banks such as Capital One Financial Corp., Barclays Bank, U.S. Bancorp and Citigroup Inc., JPMorgan Chase & Co., and retailers including Best Buy Co., TiVo Inc., Walgreen Co. and Kroger Co.
The College Board, the not-for-profit organization that runs the SATs, also warned that a hacker may have obtained student e-mail addresses.
Walt Disney Co.'s travel subsidiary, Disney Destinations, sent e-mails warning customers Sunday.
Epsilon said Friday that its system had been breached, exposing e-mail addresses and customer names but no other personal information.
The e-mail addresses could be used to target spam. It's also a standard tactic among online fraudsters to send e-mails to random people, purporting to be from a large bank and asking them to log in in at a site that looks like the bank's site. Instead, the fraudulent site captures their login information and uses it to access the real account.
The data breach could make these so-called "phishing" attacks more efficient, by allowing the fraudsters to target people who actually have an account with the bank.
Epsilon, a unit of Alliance Data Systems Corp., sends more than 40 billion e-mails annually and has more than 2,500 clients.
Shares of the parent company fell $3.82, or 4.45 percent, to $82.11 in morning trading Monday.