Hackers also steal millions of private records from other major companies, including JP Morgan Chase, Hilton Hotels, Citigroup and Capital One

Attacks on a major US email marketing firm, Epsilon, have left Marks and Spencers customers’ private data exposed, according to reports.

The retail giant released a statement on Tuesday night assuring customers that it does “take privacy very seriously” but added that customers should be prepared for spam and phishing attacks over the next few weeks.

The breach came as part of a much wider attack on the US email company, in which the private data of millions of customers of some of the world’s most recognized companies – including JP Morgan Chase, Hilton Hotels, Citigroup and Capital One – were stolen.

Epsilon Interactive’s parent company Alliance Data also issued an apology on Wednesday for the breach, assuring customers that “we fully recognize the impact this has had on our clients and their customers, and on behalf of the entire Alliance Data organization, we sincerely apologise”. The firm promised to leave “no stone unturned” in what they called “a malicious act by highly sophisticated cyber-thieves”, but did confirm that only email address data had been stolen.

The breach has already been labeled the “biggest ever” by privacy consultant Neil Schwartzman, executive director of the Coalition Against Unsolicited Commercial Email (CAUCE). A investigation is currently underway, yet the full extent of the privacy breach on customers will only become apparent over the next few weeks.