MasterCard is looking into a possible break-in at one of its credit card data processors that could have exposed the personal details of tens of thousands of people.
On Friday a source close to the investigation told ZDNet UK that the data processor under investigation was Global Payments Inc.
However, MasterCard declined to comment on the identity of the company under scrutiny.
"MasterCard is currently investigating a potential account data compromise event of a US-based entity and, as a result, we have alerted payment card issuers regarding certain MasterCard accounts that are potentially at risk," the company said in a statement on Friday.
The number of UK and European MasterCard customers affected by the breach was likely to be outweighed by US customers, a MasterCard representative told ZDNet UK.
"It's a US-based processor — I would see the majority of this taking place in the US," said the representative.
Visa and MasterCard have been warning banks about the breach, according to security journalist Brian Krebs. Up to ten million people could have been affected by the breach, which occurred between 21 January and 25 February, 2012. Enough data to counterfeit credit cards was stolen, according to Krebs.
However, Bloomberg revised the number of affected people down on Friday, saying that around 50,000 people could have been affected by the breach, and that Global Payments had ceased trading due to the investigation.
The MasterCard representative declined to comment on the scale of the breach.
"MasterCard is concerned whenever there is any possibility that cardholders could be inconvenienced and we continue to both monitor this event and take steps to safeguard account information," said the company statement. "If cardholders have any concerns about their individual accounts, they should contact their issuing financial institution.
"Law enforcement has been notified of this matter and the incident is currently the subject of an ongoing forensic review by an independent data security organization. It is important to note that MasterCard's own systems have not been compromised in any manner."
Visa Europe declined to comment on possible effects on European customers, and directed ZDNet UK to Visa.com in the US. Visa.com had not responded to repeated requests for comment at the time of writing. Global Payments Inc had not responded to requests for comment at the time of writing. The Wall Street Journal had also not received comment at the time of writing from Global Payments Inc.
ZDNet UK understands that Global Payments Inc is due to make a statement on Monday.