Citibank intends to replace all customer debit cards involved in the data breach at US retailer Target, which would make it the second major bank to do so since the attack was disclosed last month.
The bank did not replace the debit cards earlier in order to minimise disruptions during the holiday shopping season, CNBC said quoting an anonymous source briefed on the company's decision.
The lender would start sending out new cards soon.
According to Target, card information from 40 million customers had been stolen between late November and mid-December when its in-store network was hacked.
The company, last week said it revised its damage estimate to include other systems, which stored the personal data of 70 million more customers, with possible overlap, which included people who might not have shopped at Target recently.
According to experts it was one of the largest thefts of consumer data.
According to Citi, its decision this week did not stem from any new surge of fraud or by additional information on the breach but was a precautionary measure.
According to commentators, Citi's move underlined the potential for continuing damage to consumers, banks and Target as data stolen in the breach might keep leaking into the black market.