Thousands of debit card account numbers are being replaced after Visa USA discovered that account information may have been compromised.

Visa USA director Rosetta Jones issued a brief statement yesterday saying the company was "recently notified by a U.S. merchant that it may have experienced a data security breach resulting in the compromise of Visa card information." Visa declined to say how widespread the problem was -- or how and when it occurred. Customers will not be held responsible for unauthorized purchases, Visa said. At least two financial institutions have already told customers that new cards and account numbers are on the way.

SunTrust Banks Inc. has sent letters to some of its debit card customers, saying Visa had notified several banks that the account numbers "may have been compromised." SunTrust is issuing new cards and account numbers, as well as monitoring the accounts for unauthorized charges. "You will not be liable for any unauthorized use of your current" debit card, SunTrust said.

SunTrust spokesman Mike McCoy said a "small fraction" of the bank's 1.8 million debit card customers were affected. He would not say exactly how many.

Capitol Federal Savings Bank in Kansas said it was issuing 8,000 new cards, about 2.5 percent of its total cardholders. Frank Wright, the bank's senior vice president for electronic banking, said his bank was notified by Visa on Thursday. He said Visa declined to say when the breach occurred, although his bank's own data indicated it was in the last "months, not years."

The Kansas bank's analysis -- which showed several dozen unsuccessful attempts to make unauthorized charges -- indicated that the breach was widespread, not geographically limited to a small part of the state. "That tells us it's a national merchant, or at least a national merchant's servicing company," Wright said. Other research indicated that the security problem did not occur through Internet use, but rather through "a regular walk-in store," he said.