NEW YORK — Visa and MasterCard are warning U.S. banks that details of credit card holders' personal information could be at risk after a security breach.
The computer security journalist who first reported the theft said it might involve as many as 10 million MasterCard and Visa accounts, making it one of the largest known credit card heists.
Brian Krebs, on his KrebsOnSecurity.com blog, said the that involves compromise of a credit card payment processor — a "middle man" that handles transactions between retailers and banks.
That "middle man," according to the Wall Street Journal is card-processing firm Global Payments Inc.
Krebs reported that hackers had access to the processor's data from Jan. 21 through Feb. 25, and were able to siphon off enough data to easily create counterfeit cards.
Krebs' sources called the leak "massive."
Reports suggested the stolen details had been obtained in a taxi garage in New York City.
Neither Visa nor MasterCard would confirm how many customers were affected.
In a statement, MasterCard said: "[We are] concerned whenever there is any possibility that cardholders could be inconvenienced and we continue to both monitor this event and take steps to safeguard account information.
"If cardholders have any concerns about their individual accounts, they should contact their issuing financial institution."
Visa parroted MasterCard's statement, emphasizing that its customers are not responsible for fraudulent purchases.
Including merchants, credit card fraud costs U.S. establishments $52.6 billion annually, according to Federal Reserve statistics from last year.