A computer hacker may have broken into more than 40 million credit card accounts, US company officials say.
All brands of cards could be affected
MasterCard International said the breach was traced to a company in Atlanta which processes transactions for banks and merchants.
All brands of credit cards could be affected, it warned.
The company, CardSystems Solutions, said it identified the breach last month and immediately contacted the FBI, which was investigating.
MasterCard announced the breach in a news release on Friday, saying security "vulnerabilities" had allowed an unauthorised individual to infiltrate the network of CardSystems and access the cardholder data.
It said 14 million of its customers may have been exposed to fraud. Another 22 million were Visa cards, said a spokeswoman for the Visa company.
MasterCard spokeswoman Sharon Gamsin told the Associated Press news agency the data - names, banks and account numbers - could be used to steal funds, but not identities. The company was notifying banks that issue MasterCards.
In its own press release, CardSystems Solutions said it had identified a "potential security incident" on 22 May and contacted the FBI a day later.
The company said it was installing extra security procedures.