According to the Australian newspaper, the card details may have originated from a card data skimming operation involving a holiday company, although the data's precise origin is unknown.
What is known, however, is that data files containing the skimmed payment card data were posted on a blog site, and then indexed in Google's search engine in late April.
This means that anyone keyword searching for card data using advanced Google search engine syntax would obtain access to the data, which is essentially a large identify theft starter kit, Infosecurity notes.
Data found in Google's search engine reportedly included card numbers of Amex, Visa and Mastercard accounts, together with their expiry dates, cardholder names, addresses, phone numbers and email addresses.
Australian police are quoted as saying the data probably originated from the skimming of card terminals and ATMs.
It remains unclear what the motive of the blogger, who has not been traced, was in posting the data.
Police say that have closed down the blogging pages with the data and are now working with Google to remove the data from its index caches.