Debit card fraud outbreak raises data breach questions

10.03.2006

According to Leigh Brady, senior vice president at the credit union, many of the compromised debit cards were being used fraudulently in several countries, including Romania, Russia, Spain and the U.K. "This is the largest [card reissue] we've had in quite a while," Brady said.

In an advisory this week, analyst firm Gartner Inc. said the combined bank actions "reflect the largest PIN theft to date and point to a new wave of 'PIN block' card fraud."

Avivah Litan, author of the Gartner report, said that PIN-based fraud schemes involve hackers somehow gaining access to the encrypted PIN data that is sent along with card numbers to processors that execute PIN debit transactions. The thieves also steal terminal keys used to encrypt PINs, which are typically stored on a retailer's terminal controllers, she said. The encrypted PIN information, together with the key for decrypting it and the card numbers, allows criminals to make counterfeit cards, she said.

The widening scope of the fraud has already prompted calls from one congressman for more disclosure and is likely to spur more attention from lawmakers, according to analysts.

In February, Rep. Barney Frank (D-Mass.), the leading Democrat on the House Financial Services Committee, sent a letter to both MasterCard International Inc. and Visa urging the companies to disclose the source or sources of the compromise or take responsibility themselves.