As expected, the security breach of online marketing giant Epsilon has grown from a PR disaster to a full-blow catastrophe — and could escalate further, with the data security of millions of US customers possibly at risk.

On Friday, Epsilon, which provides email marketing services for more than 2,500 clients, announced that its databases had been infiltrated by an “unauthorized third-party,” and that customer names and email addresses of some of the country’s largest companies had been compromised.

As of Saturday, Citigroup, JP Morgan Chase, Brookstone and Kroger were the only Epsilon clients to contact their customers about the breach. By Sunday, however, the list had grown to include College Board, Walgreens, TiVo, Capital One and HSN Inc. Each of these organizations sent out notifications to customers to inform them that their personal data may be in the hands of hackers.

Other Epsilon clients include Visa, Kraft, LL Bean, Best Buy, Verizon, and many more. In short, if you have ever given your email address to any of these companies — and there’s a very good chance you have — then you may be at risk of “phishing” attacks, or other kinds of identity theft.

Epsilon says that nothing more than names and email address have been exposed. But so far, the company has so far been unable (or unwilling) to publicly release a full list of its clients that have been affected by the data breach.

“While we are cooperating with authorities and doing a thorough investigation, we cannot say anything else,” Epsilon spokeswoman Jessica Simon told Reuters. “We can’t confirm any impacted or non-impacted clients, or provide a list (of companies) at this point in time.”

Reuters describes the hacking of Epsilon as possibly “the biggest such breaches in U.S. history.” It’s doubtful, however, that it will be as damaging as the 2009 breach of Heartland Payment Systems, which exposed the details of tens of millions of credit card and debit transactions. Because the company does business with many of America’s largest financial institutions, however, there remains reason to be concerned — at least until the full breadth of the matter is known.

(Image via)