Hundreds of debit and credit card customers in Bermuda have been dragged into one of the world's biggest security breaches.

Bank of Bermuda and Butterfield Bank are warning customers to be on guard after cyber-crooks hacked into the computer system of an overseas payment company.

Individuals and businesses with Visa and MasterCard cards are said to be at risk from the data breach at Heartland Payment Services.

Some 'compromised customers' have already had their bank accounts closed and replacement cards with new account numbers issued.

And the island's two biggest banks are now advising all card customers to monitor their statements to look for any suspicious activity.

The widespread security breach has affected fewer than two per cent of Bank of Bermuda's card users and "a small number" of Butterfield Bank customers.

This includes debit and credit card customers, both individuals and businesses.

Heartland, a New Jersey based payment company, discovered malicious software had been hidden on their servers which enabled cardholder data to be transmitted to an unknown third party.

They process 100 million card payment transactions per month for more than 250,000 businesses worldwide, including restaurants and retailers.

Tech-security experts said the breach could set a worldwide record. It is believed that the scam could be the result of a "widespread cyber fraud operation" and the stolen data could be used to make fake cards.

Bank of Bermuda confirmed its customers had been affected and it was doing all it could to protect them.

Lisa Fox, head of card services at the Bank of Bermuda, said the bank was working to safeguard its affected customers by contacting them directly, closing compromised accounts and issuing replacement cards.

She said: "We strive to be proactive in these instances to ensure our customers are minimally affected and we remain focused on ensuring all areas under our control have the highest available security measures in place."

Butterfield Bank said it quickly took steps to protect all its customers and they have taken "proactive and appropriate measures to help ensure that customers' accounts will not be compromised."

A spokesman said: "Butterfield has increased fraud monitoring on accounts that were potentially impacted by the security breach. Among other safeguards, Butterfield will be prohibiting authorisations from certain merchant locations, and customers are being contacted to verify any transactions attempted at these restricted locations.  

"If fraud or attempted fraud is confirmed on a customer account, Butterfield will automatically issue a replacement card with a new account number."

It has been reported that the intruders had access to Heartland's computer system for "longer than weeks" at the end of last year.

Investigators only realised the data-stealing programme had been planted by the thieves when they started to investigate suspicious card transactions.

Robert O. Carr, Heartland's chairman and CEO, said he "sincerely regretted any inconvenience caused" by the data breach. He stressed that no personal information such as cardholder's PIN numbers, addresses or telephone numbers had been stolen.

Mr. Carr said: "We will not rest until we have the answers to how and why this breach occurred so we can prevent any future attacks at Heartland and elsewhere.

"We are coordinating with the Secret Service and the United States Department of Justice to resolve this issue."

Heartland announced the breach on January 26, then Visa and MasterCard began notifying their member banks.

Cardholders are not responsible for unauthorised fraudulent charges made by third parties.