Heartland Payment Systems said last night that data information associated with the 100 million card transactions it processes each month has been compromised.
The company, which processes card transaction data for a quarter of million US organisations, has not, however, quantified the scale of the data breach, but reports suggest it is massive.
Infosecurity understands that the compromised data includes the information on a card's magnetic stripe - the card number, its expiration date and internal banking codes - all of which could be used to create a cloned card.
Avivah Litan, a Gartner analyst, has been quoted as saying this is the largest card data breach ever, based on her conversations with industry executives.
Previously, Infosecurity notes that the largest known breach occurred when around 45 million card numbers were stolen from retail company TJX in 2005/2006.
Visa and MasterCard are said to have notified Heartland of fraudulent transactions on accounts processed by its operation late last year, but a forensic investigation last week revealed that a breach involving highly sophisticated software had taken place,.
The US Secret Service has been working with the company for several days, Infosecurity understands.
The firm has also created a Web site - www.2008breach.com - to provide information to cardholders and third parties about the incident.