Citigroup has started sending replacement credit cards to customers whose accounts may have been compromised in the massive Heartland Payment Systems breach, the Associated Press reports.
The new cards were mailed with a notice labelled 'Important Security Message' that explains the "account number may have been illegally obtained as a result of a merchant database compromise and could be at risk for unauthorised use".
Citi - which has more than 150 million credit card accounts worldwide - has not confirmed the merchant database involved and has declined to reveal the total number of payment cards re-issued.
Hundreds of banks across the US have said their customers were involved in the Heartland breach. While some have begun to issue replacement cards, others have said they are monitoring their systems for unusual activity to detect fraud.
Police made their first arrests in the case last week, when three Florida-based men were apprehended after using stolen credit card numbers to make fraudulent purchases at local Wal-Mart stores.
The men are alleged to have been using the purloined numbers to electronically encode Visa Gift Cards which were then used to make fraudulent purchases at local businesses.
Meanwhile, rumours are circulating of another breach at an unknown payments processor. MasterCard and Visa are believed to have been circulating warnings to member banks about the attack, which is understood to have mirrored the Heartland break-in, where fraudsters planted malware on the company's servers to sniff out account numbers, PAN, and expiration dates.
A statement issued by the Community Bankers Association of Illinois says: "Visa announced that an unnamed processor recently reported that it discovered a data breach. The processor's name has been withheld pending completion of the forensic investigation."