Both companies have confirmed separately that banks have been alerted to possible data theft involving a third-party vendor in the US, Forbes reported. Neither MasterCard nor Visa's internal systems were compromised, they said.
MasterCard said it had asked law enforcement and an independent data security firm to investigate.
More from GlobalPost: Saudi hackers claim they published Israeli credit card details
The card companies have not indicated how many accounts could be affected, but the computer security specialist who broke the news said that it could involve more than 10 million cardholders.
Journalist Brian Krebs reported the suspected breach on his blog earlier today. Sources told him that card numbers were compromised via a US-based credit card processor, which was breached sometime between Jan. 21 and Feb. 25.
According to banks investigating the breach, Krebs said, most of the cards analyzed so far seem to have been used in parking garages in and around the New York area.
The data stolen was enough to enable the thieves to counterfeit new cards, he reported.
An analyst with Gartner IT consultancy, Avivah Litan, claimed her contacts at card companies said they were already "seeing signs of this breach mushroom." "Looks like the hackers have started using the stolen card data more recently," she wrote in a blog post today.
The Wall Street Journal identified the third-party processor involved as Global Payments, based in Atlanta. The company could not be reached for comment.
Cardholders are advised to contact the banks that issued their cards, the Journal said.
More from GlobalPost: The Argentine economy's fuzzy math problem