Security for millions of MasterCard, Visa and American Express credit card account numbers - far more than first thought -- was compromised when a hacker broke into the computer system at an unnamed third-party processor used by various merchants.
However, apparently none of the account data obtained has been used in a fraudulent manner, although at least one bank canceled some accounts as a result of the hack. As many as eight million accounts are now said to have been compromised.
The card companies generally have zero liability policies, which protects cardholders from responsibility for any unauthorized or fraudulent charges.
MasterCard International said that it was alerted about an intrusion to the database of a third-party merchant processor in the United States in early February.
"Approximately 8 million account numbers, of which 2.2 million are MasterCard cards, were possibly compromised. Investigations are currently underway," MasterCard said in a statement.
MasterCard said that "we have notified our member financial institutions of the accounts involved, so that they may monitor each account for fraud and/or reissue cards as appropriate."
Visa said that its fraud team immediately notified all affected -issuing financial institutions and is working with the third-party payment card processor to protect against the threat of a future intrusion."
About 3.4 million Visa accounts also were accessed in the incident, according to spokesman John Abrams.
And some American Express account numbers also were compromised. Christine Elliott, a spokeswoman for American Express, was quoted as saying that security processes were in place to determine if card numbers are being misused but "we're not aware of any unusual activity."
"Zero-liability guarantees will limit consumers' downside in most cases, and while this incident says nothing about consumers buying online, it's likely to erroneously help perpetuate the fears certain people have about buying online," said Rob Leathern, an analyst at Jupiter Research.
It's unclear whether the incident was the result of serious thieves, outside hackers, an inside job by an employee or even physical theft of a database.
Citizens Bank, serving the Northeast, shut down about 8,800 customer accounts after being notified by MasterCard last Friday, a bank spokeswoman told CNN.
Both MasterCard and Visa, which have invested heavily in upgrading their own computer systems, said they are working with law enforcement officials on the matter, as is the processing company.