JPMorgan Chase & Co on Saturday notified customers who used debit cards at Target Corp stores during the recent security breach that it limiting use of the cards to cash withdrawals of $100 a day and purchases totaling $300 a day.
The new limit effects roughly 2 million accounts, or fewer than 10 percent of Chase debit card accounts, according to a bank spokeswoman. It does not apply to credit cards.
The bank spelled out the limits in an email to customers with the subject line: "Unfortunately, your debit card is at risk by the breach at Target stores.''
The bank said it was taking at the action as a precaution and recognized that the move "could not have happened at a more inconvenient time.''
On Sunday, Chase said more than a third of its branches would be open across the country, prioritizing those near big shopping complexes and those that are able to instantly issue new debit cards.
Separately, a source familiar with the situation told CNBC that Citibank was also imposing limits on debit cards for affected customers if it sees suspicious activity, though the extent of those limits was not immediately clear.
Target said on Thursday that computer hackers had stolen data from as many as 40 million credit and debit cards of shoppers who visited its stores during the first three weeks of the holiday season.
The bank said in the letter that it plans to reissue affected debit cards over the coming weeks and in the meantime said employees at its 5,600 branches would help those who need more cash. Many branches will stay open late "if needed,'' the letter said.
Debit cards, unlike credit cards, typically require customers to enter personal identification numbers when they make purchases at store check-out counters. Initial reports of Target's security breach said data may have been taken through devices at its counters.
—CNBC.com contributed to this report.