The Visa and MasterCard associations, which comprise financial institutions that issue the credit cards, have reportedly admitted that the information in question "would include" credit card numbers, but claimed that none of the accessed credit card details have been used in a fraudulent way – so far.
Both companies apparently said they cannot provide a timeline of when the security breaches occurred, or disclose the name of the processing company, but claimed they have immediately notified the affected customers and card issuing financial institutions.
Both Visa and MasterCard, which between them are responsible for over 550 million cards in the US alone, have zero liability policies. This means that cardholders are not liable for unauthorised or fraudulent charges.
The matter is currently being investigated by US law enforcement officials.