Hackers have stolen email addresses from the United States-based email service provider of McKinsey & Company, TiVo, JP Morgan Chase and Capital One Financial, among others.
The provider, Epsilon, said it detected an "unauthorised entry" into its system that exposed customer names and email addresses on 30 March. The company said that "no other personal identifiable information" linked to the accounts was at risk.
Bloomberg reported that an Epsilon would not say how many other clients might be affected, citing an ongoing investigation.
Epsilon sends 40 billion emails annually.
Affected clients have told their customers that only names and email addresses were compromised and personal and financial data did not appear to be at risk.
In an email forwarded to ZDNet Australia, McKinsey & Company senior managing editor Rik Kirkland told customers that Epsilon had said "the only information that was obtained was your first name, last name and email address and that the files that were accessed did not include any other information", but added that McKinsey was "actively working to confirm this".
"We do not store any credit card numbers, social security numbers or other personally identifiable information of our users, so we can assure you that no such information was accessed," he said.
Kirkland warned that customers may receive spam emails as a result of the breach and urged caution when opening links or attachments from unknown sources.
US supermarket chain Kroger issued a similar warning.
Customers may have reason to be jittery, as news of the breach comes amid disclosure by security firm RSA that its high profile compromise of its SecureID product was launched after a low-level staff member had opened a malicious attachment.