That's because once scammers know their victims' names and e-mail addresses, along with the companies that they do business with, they can craft very targeted "spear-phishing" e-mail attacks that try to trick victims into revealing more sensitive information such as passwords or account numbers.

"Everybody is downplaying it by saying, 'at least they didn't get financial information.' Well that's true, but what they did get was enough to potentially get financial information [in a phishing attack]," said Neil Schwartzman, executive director with the Coalition Against Unsolicited Commercial Email, a consumer advocacy group based in Montreal.

The IDG News Service has confirmed that the following companies have warned customers about the breach. Because Epsilon is often engaged by business units within these firms, not everyone who does business with these companies has had their e-mail address stolen. If you have received a notification from a company that is not included on this list, please contact robert_mcmillan@idg.com.

AbeBooks

Ameriprise Financial