Epsilon said it doesn't believe any other personal information was compromised, but it is now working with authorities on an investigation, a company spokeswoman said Friday.
Epsilon only learned of the breach on Wednesday and it is unclear yet how serious the issue is. On Friday, spokespeople for Chase and Epsilon declined to say much beyond their prepared statements.
In a letter to customers, Kroger said customer names and e-mail addresses were stolen. "As a result, it is possible you may receive some spam email messages," Kroger said. "We apologize for any inconvenience. Kroger wants to remind you not to open emails from senders you do not know. Also, Kroger would never ask you to email personal information such as credit card numbers or social security numbers. If you receive such a request, it did not come from Kroger and should be deleted," the letter states.