"Affected banks are now starting to analyze transaction data on the compromised cards, in hopes of finding a common point of purchase," Krebs wrote. "Sources at two different major financial institutions said the transactions that most of the cards they analyzed seem to have in common are that they were used in parking garages in and around the New York City area."

In an interview this morning, Krebs said the fraudulent card use, "seemed to be tied to gang activity in New York City, but I haven't heard that from more than one source."

In the grand scheme of credit card breaches, this one does not come close to topping the list -- the in late 2008 involved more than 130 million credit and debit cards and about 175,000 merchants.

But it illustrates once again how vulnerable such systems are to attack.

Anup Ghosh, founder and CEO of Invincea, a developer of browser protection systems, says too much of the security industry is still stuck in the 1990s. "Those protections," he says, "are very easy to circumvent today. Most systems are about telling you what happened after the fact."