HSBC North America, a division of London-based HSBC Holdings PLC, has begun notifying holders of the HSBC-issued, General Motors-branded MasterCard that criminals may have obtained access to their credit card information and that the cards should be replaced.
HSBC spokesman Stephen E. Cohen said Thursday that "we began doing it last week, and we are continuing."
He said that about 180,000 GM-branded card holders are affected.
Neither Cohen nor spokesmen for MasterCard International would identify the retailer by name.
The security breach was reported in Thursday's editions of The Wall Street Journal, which quoted "people with knowledge of the matter" as saying the data was stolen at Polo Ralph Lauren.
A spokeswoman at Polo Ralph Lauren, which is headquartered in New York, said "we have no comment at the moment" on the report. She asked that her name not be used.
It was unclear how many other cards might be at risk, but both Visa USA Inc. and MasterCard — the nation's largest credit card associations — were reported to be dealing with Polo Ralph Lauren on the matter.
MasterCard said in a statement that it was informed of a possible security breach "of transaction data associated with a U.S.-based retailer" in January 2005 and had launched an investigation immediately. The statement said banks that are members of the card association were notified.
"Investigations into this incident by MasterCard, law enforcement and other parties are ongoing," the statement said.
There was no immediate comment from Visa USA.