The Office of the Information and Privacy Commissioner of Alberta, Canada has published a news release with a decision on the Epsilon data breach.

Commissioner [Frank] Work reviewed the incident reports by Best Buy and Air Miles and concluded that although the information at issue (name, email addresses and organization membership (in the Best Buy case) was relatively minor compared to other data breaches which involve the unauthorized access of financial or other sensitive information, the sheer magnitude of the breach and the evidence that the information will likely be used for malicious purposes indicated there was a real risk of significant harm to affected individuals.

[…]

The Commissioner stated that the number of affected individuals increases the likelihood that spear phishing attempts will be successful and significant harm to individuals could occur as a result of the breach.

If you can find the missing parenthesis you win.