Don't respond to emails that threaten to close or suspend your account unless you provide certain personal information immediately. Never send your username and password in response to any email that asks for it, however authentic-looking the email might appear. Legitimate companies do not typically ask for such information in an email.
Should I change my email address? That probably would be the safest thing to do, but it can be a huge hassle. For the moment, the best option is to be extra vigilant in watching for phishing attempts.
What other information, besides names and email addresses, was compromised? So far, Epsilon has said that only names and email addresses were compromised in the breach. The company collects and sells a lot of other customer data, but it's not saying if any of that data was exposed.
Is there a complete list of all the companies affected by the breach? No. Epsilon has not released that yet. But blogger Brian Krebs has complied a (growing) list of the companies that have notified their customers about the breach so far. Close to 50 companies are on that list, including Best Buy, Citibank, Disney, JPMorgan Chase, The Home Shopping Network, Hilton, Marriott and the College Board.
Sign up for CIO Asia eNewsletters.