The bank typically keeps the personal information of its customers encrypted, or scrambled, as a security precaution. However, during the course of the breach, personal data belonging to those customers had temporarily appeared in plain text in files the computers use to log activity.
The bank believes "a small amount" of data was taken, but not critical personal information such as social security numbers, birth dates and email addresses.
Cyber criminals covet such data because it can be used to open bank accounts, obtain credit cards and engage in identity theft. Many states require banks to notify customers if they believe there is any chance that such information may have been taken in a breach.
(Read more: Cybercrime may cost US economy $100 billion, says new study)
The bank is also offering the cardholders a year of free credit-monitoring services.
The warning only affects the bank's UCard users, not holders of debit cards, credit cards or prepaid Liquid cards.
Fusco said the bank has not found that any funds were stolen as a result of the breach and that it has no evidence that other crimes have been committed. As a result, it is not issuing replacement cards.
(Read more: Nine people's shocking cybercrimes)
The spokesman declined to identify the government agencies and businesses whose customers it had warned about the breach. Fox 8 News in New Orleans reported on its website that three Louisiana agencies were notified by the bank on Wednesday that the personally identifiable information of some state citizens may have been exposed.
State officials could not be reached for comment late Wednesday.
The bank said it does not know who was behind the attack, though the Secret Service and FBI are investigating the matter.
(Read more: Cybercrime is 'greatest threat' to companies survival: EY)
Businesses and government agencies are increasingly using prepaid cards because they are easier to cash than paper checks.
Yet the vast stores of data behind payment cards of all kinds have created new risks. In 2007 some 41 million credit and debit card numbers from major retailers, including the owner of T.J. Maxx stores, were stolen.
In May of this year U.S. prosecutors said a global cybercrime ring had stolen $45 million from banks by hacking into credit card processing firms and withdrawing money from automated teller machines in 27 countries.