Credit card giants Visa and MasterCard were scrambling on Friday to thwart cyber crooks who looted a massive trove of precious account data, evidently from a payment processor in New York.
Gartner analyst Avivah Litan said that industry sources revealed that numbers from more than 10 million credit card accounts were stolen in the breach, with the entry point being a New York City taxi and parking garage company.
The thieves stockpiled stolen credit card numbers for months before beginning to use them, according to the analyst.
Indications were that the culprits were part of a Central American crime gang, Litan told AFP.
"It sounds like they went into an administrative privilege account at the taxi company and stole electronic data from a central server," Litan said.
"So, if you've paid a NYC cab in the last few months with your credit or debit card, be sure to check your card statements for possible fraud."
Visa and MasterCard both said they were investigating the breach, which they stressed involved a "third party" and not their internal networks.
"Visa has provided payment card issuers with the affected account numbers so they can take steps to protect consumers through independent fraud monitoring and, if needed, reissuing cards," the company said in a statement.
Visa and MasterCard are alerting banks and credit unions across the United States to what some in the financial sector are calling a "massive" breach, computer security specialist Brian Krebs said in his Krebson Security blog.
Alerts sent to banks warned that sufficient account details were stolen to make counterfeit credit cards, according to Krebs.
People should alert card issuers to suspicious account activity, according to Visa and MasterCard.
"Law enforcement has been notified of this matter and the incident is currently the subject of an ongoing forensic review by an independent data security organization," a MasterCard spokesman told AFP.
Explore further: The brave new world of big data retention