A data breach at a payments processing firm has potentially compromised credit and debit card information from all of the major card brands, representatives from MasterCard and Visa said Friday.

News of the breach was first reported by the respected security blog Krebs on Security. That article said the breach was “massive,” and could involve more than 10 million card numbers, CNNMoney reported.

The Wall Street Journal followed up with an article saying that processor Global Payments is the vendor that was breached. Global Payments share prices fell 9 percent before trade was halted.

A representative of Global Payments did not immediately respond to a request for comment. The extent of the breach, and what kind of information was compromised, has not been confirmed.

“I’ve spoken with folks in the card business who are seeing signs of this breach mushroom,” Gartner analyst Avivah Litan wrote Friday in a blog post.

Her sources say the hackers have begun using some of the card data they stole, Litan added.

MasterCard said it has alerted payment card issuers “regarding certain MasterCard accounts that are potentially at risk.”

The company also said the breach is the subject of an ongoing forensic review by an independent data security organization.

Visa released a statement saying it also has provided card issuers with notifications about accounts that could be affected. The issuers “can take steps to protect consumers through independent fraud monitoring and, if needed, reissuing cards,” it said.

Both MasterCard and Visa emphasized that their own networks had not been penetrated.

Neither company would comment on the scale or nature of the breach, but the Journal’s report says the information that was taken could potentially be used to counterfeit new cards. The breach reportedly took place between Jan. 21 and Feb. 25.