Credit card provider MasterCard International has warned that hackers have stolen information for as many as 40 million cards.

The theft occurred at CardSystems Solutions, a third-party processor in Tuscon, Arizona, that handles payments on behalf of several credit card companies.

Hackers used security vulnerabilities in the company's systems to infiltrate its network and access customer data.

MasterCard's fraud-fighting tools pointed the card provider to the hack, and allowed it to trace the incident back to CardSystems Solutions.

The online security breach is almost certainly the largest ever case of identity theft, and is just another occurrence in a series of exposures of confidential information. 

Last week CitiFinancial had to admit that several tapes holding information on 3.9 million customers were lost in transit to a credit bureau.

Other compromised companies this year included LexisNexis, ChoicePoint and the Polo Ralph Lauren retail stores.

Organisations in the US are obliged to disclose security breaches of customer information under local legislation including California's 2003 Security Breach Information Act and similar laws in Massachusetts.

The law forces hacked companies doing business in those states to reveal whether their security has been breached. They were previously allowed to keep quiet about such incidents.