A security breach has forced National City Bank to reissue an unspecified number of customers' Visa-branded ATM/debit cards.

The move indicates customers' card numbers were stolen, leaving the accounts vulnerable to fraud.

Spokesman Bill Eiler wouldn't say if any fraudulent transactions had occurred. But in a written statement, the bank acknowledged that it was working with affected customers "to appropriately credit their accounts."

Mr. Eiler wouldn't say how many cards were affected, other than it involved a "small percentage" of customers. He said the bank was being tight-lipped because it didn't want to jeopardize the ongoing investigation.

National City began mailing letters to affected customers March 1. As a courtesy, those customers can continue to use their old cards until 5 p.m. March 16, after which the cards will be deactivated, the bank said.

A spokesman for Visa USA issued a written statement yesterday tying the security breach to an undisclosed U.S. merchant.

The statement indicated the problem affected a number of financial institutions in multiple states.

The breach at National City follows a similar incident in January involving an undisclosed number of PNC Bank Visa-branded ATM/debit cards, also known as check cards.

In that case, PNC said funds had been stolen from a "limited number" of customer accounts through overseas transactions. As a precaution, the bank canceled an undisclosed number of cards in multiple states.

In its letter, National City urged customers to regularly review their accounts and report suspicious transactions.

Customers generally have 60 days from receiving their statements to report inappropriate or unauthorized charges, Mr. Eiler said.