A computer hacker (or hackers) has gained access to the credit card numbers of as many as five million credit card customers.
As a result, information was stolen from more than 2.2 million MasterCard International accounts and about 3.4 million Visa USA cardholder accounts, according to those companies.
American Express cardholder account information was also accessed, a corporate spokeswoman for American Express, Christine Elliott, said.
Elliott declined to comment on how many American Express accounts were affected.
The theft occurred when the system of a company that processes credit card transactions for merchants was broken into, according to statement released by Visa USA.
Systems operated by Visa and MasterCard were not compromised and both companies said they had contacted all the financial institutions affected by the theft.
No information was available about which banks were affected by the theft, but a Visa spokesman said that none of the stolen Visa account information has been used fraudulently.
MasterCard was continuing to investigate whether the account information has been used to make purchases, vice president of global communications at MasterCard, Sharon Gamsin, said.
Neither Visa nor MasterCard would identify the company that was hacked nor would they provide information on how the theft occurred, citing security concerns.
MasterCard became aware of the security breach during the week of February 3, Gamsin said.
Visa and MasterCard, like other credit card companies, use third party companies to manage credit card transactions between merchants and the financial institutions that issue the credit cards.
Those companies transfer money to a merchant's account and manage any transaction fees, a Visa spokesperson said.
Because a single vendor handled transactions from several different companies, however, it was likely that the thefts were not limited to Visa and MasterCard accounts, Gamsin said.
The US Federal Bureau of Investigation's Cybercrime division was also investigating the theft, Cybercrime division spokesperson, Bill Murray, said.
The decision about whether to cancel a credit card account or merely flag it for possible fraud was up to the financial institutions that issued the card, Gamsin said.
Citizens Bank was notified of the crime by MasterCard last Friday and immediately cancelled the affected credit cards to protect its customers, according to Barbara Cottam, director of corporate communications at Citizens Bank, which is part of Citizens Financial Group of Providence, Rhode Island.
Although Cottam would not say how many Citizens Bank customers were affected, she said that published reports putting the number at 8800 were accurate.
Citizens Bank called those customers and issued new credit cards to them, Cottam said.
She did not know of any fraudulent transactions affecting Citizens Bank customers that were linked to the theft.
In contrast, Elliott said that American Express would not cancel credit cards attached to compromised accounts, but it had implemented a process to detect fraudulent activity on the affected cards.
Elliott would not provide details on that process, but said the company would notify specific card members if fraudulent activity was detected and action needed to be taken.
Both Visa and MasterCard offer zero-liability policies that absolve cardholders of responsibility for unauthorised purchases.
Cardholders who discover that their account has been used fraudulently should contact the financial institution that issued the card, Gamsin said.