Air Miles and Best Buy were added to a growing list of firms that have been hit by a major security breach. ((Associated Press))

A growing list of companies including giant rewards firm Air Miles and hotelier Marriott are among the businesses that have been affected by a massive U.S. data breach.

News of the breach, which affects some of the top companies in North America and is being labelled as one of the biggest of its kind in U.S. history, comes after Dallas marketing firm Epsilon said last Friday that it was investigating the discovery of the breach of some customer client data.

The companies involved include:

  • Air Miles
  • Best Buy
  • Target
  • Marriott
  • Hilton Hotels
  • US Bancorp
  • JPMorgan Chase
  • Citigroup
  • Capital One Financial
  • Kroger
  • Walgreen
  • TiVo
  • HSN
  • The College Board

Epsilon, a marketing services company that controls email databases for more than 2,500 business clients, sends more than 40 billion emails a year.

Best Buy notified its customers in the U.S. and Canada that files containing their information had been accessed by an "unauthorized party."

The company warned its customers and Reward Zone members to delete any email messages asking for personal information.

Air Miles issued a similar warning late Monday, advising its members of "an unauthorized entry into the email platform, which is the system used to send Air Miles emails.

"We have been assured that the only information that may have been exposed was first name, last name and email address of some of our collectors. Details of your account are not stored in this system and were not at risk," Air Miles said in the note.

However, it cautioned members to "be cautious when opening links or attachments from unknown third parties."

"We want to remind you that Air Miles will never ask for your personal information or login credentials in an email. As always, be cautious if you receive emails asking for your personal information and be on the lookout for unwanted spam. It is not our practice to request personal information by email," it said.

Epsilon said that while hackers had stolen customer email addresses, a rigorous assessment determined that no other personal information was compromised.

Experts say that without passwords and other sensitive data, email addresses are of little use to criminals, but they can be used to craft dangerous online attacks.

The information could help criminals send highly personalized emails to victims. Doing so makes the email more likely to get past a spam filter.

(With files from Canadian Press)