Three local banks said yesterday that some of their customers were among millions world-wide whose credit or debit card numbers were accessed by computer hackers who broke into the records of the US-based TJX Group.

The Bank of Bermuda and Capital G said they had already reissued some cards as a result, while Butterfield Bank said it was monitoring the situation closely.

None of the three reported evidence of fraud resulting from the breach.

TJX owns a chain of discount stores, selling mostly clothes and footwear, including Marshalls, TJ Maxx, Homegoods, Homesense, AJ Wright and Bob’s Stores in the US, as well as TK Maxx in the UK and Winners in Canada. TJX said hackers infiltrated a system that handles credit and debit card transactions, as well as cheques and merchandise returns for customers in the US and Puerto Rico and may involve customer accounts from the UK and Ireland.

The Massachusetts Bankers Association said on Wednesday that some of the stolen numbers had been used to make fraudulent purchases in Florida, Georgia, and Louisiana, as well as in Hong Kong and Sweden.

TJX has not revealed how many customers’ data was accessed by the hackers, but the Wall Street Journal has reported that as many as 40 million cards could be affected. But the company has said the figure is “substantially less than millions”.

Richard Brown, the Bank of Bermuda’s head of Personal Financial Services, said yesterday: “Bank of Bermuda has received notification from Visa and MasterCard that as a result of a recent security compromise due to an unauthorised intrusion into the computer systems of the TJX Group of Companies, a number of Bermuda-based credit and debit card numbers have been exposed to possible fraud.

“Bermudian card holders who made credit or debit card purchases in TJX’s stores (excluding Bob’s Stores) in the US, Canada and Puerto Rico during 2003 and for the period of mid-May through December 2006 may be at risk.

“Bank of Bermuda is working to safeguard our customers by contacting potentially affected clients and issuing replacement cards. As yet, we have seen no evidence of fraud on any Bank of Bermuda cards as a direct result of this.

Mr. Brown urged Bank of Bermuda customers to review their statements vigilantly, and to keep track of their accounts online, and contact the Bank immediately if they noticed any suspicious transactions.

A Butterfield Bank spokesman said a “limited number” of cards it issued could be affected.

“Immediately upon learning of the security breach, we identified those cards and we are closely monitoring the activity on those accounts,” the spokesman said.

“To date, we have seen no fraudulent activity related to this situation on any Butterfield Bank-issued cards. We will continue to monitor these cards on behalf of our customers.

“Butterfield Bank employs sophisticated fraud monitoring and alert systems that are among the most advanced in the industry. We are confident that we have taken necessary steps towards protecting our customers.”

He added that the security breach at TJX Companies did not put Butterfield Bank’s computer systems at risk. “Customers can be assured that we place the highest priority on maintaining their security and privacy,” he added.

Capital G has reissued cards that had been used to shop at TJX stores during the time in question.

Michael DeCouto, vice-president of marketing at Capital G, said: “TJX has been very proactive in sending all issuers a list of numbers. That list has gone to cardholder services and then we have reached out to cardholders and issued them with new cards.”

He added that he was not aware of any Capital G cards having been used fraudulently, as a result of the TJX breach.

“All issuers have policies and contingency plans to deal with fraudulent activity,” Mr. DeCouto added. “Our primary concern is the security of our customers.”

Visa USA said in a statement that it has provided the affected accounts to banks that issue its cards so they can take steps to protect consumers. The company said it is assessing all credit card transactions in real-time to help banks distinguish fraudulent transactions from legitimate ones.

Bank of America and American Express also said they are monitoring their credit cards for unusual activity. Christine Elliott, a spokeswoman for American Express, said the company has not seen any fraudulent purchases.

Banks re-issue cards