Epsilon first warned of the incident Friday, saying that someone had got into company systems and obtained e-mail addresses and names belonging to some of its customers. But it wasn't immediately clear how many of its 2,500 clients were at risk. Epsilon is still being tight-lipped about the problem, but it has now given a clearer picture of how many companies are affected.

, the company said that "approximately 2 percent of total clients" -- about 50 businesses -- were hit.

Customers of many of these businesses, which include Target, Citigroup, Tivo and Walgreens, woke up Monday to e-mail warnings, telling them that their e-mail addresses had been stolen, and that spam or malicious messages could be coming their way. But so far, Epsilon has refused to provide a detailed list of all companies that were affected.

Companies hire Epsilon to send out a total of more than 40 billion messages on their behalf each year.

With millions of addresses thought to have been stolen, the problem may be worse than many people realize, security experts said Monday.