Visa and MasterCard have sent confidential alerts to financial institutions across the United States, warning them that more than 200,000 credit cards that were stolen in the Equifax data breach.

Both companies frequently send alerts to card-issuing financial institutions with information about specific credit and debit cards that may have been compromised in a recent breach.

But it is unusual for these alerts to state from which firm the accounts were thought to have been pilfered. In this case, however, they were unambiguous, referring to Equifax specifically as the source, reports  journalist Brian Krebs.

In an alert sent this week to multiple banks, Visa said the “window of exposure” for the credit cards stolen in the Equifax breach was between 10 November 2016 and 6 July this year. A similar alert from MasterCard included the same date range.

“The investigation is ongoing and this information may be amended as new details arise,” Visa said in its alert, linking to the press release Equifax initially posted about the breach on 7 September.

It said the data stolen included card account number, expiration date, and the cardholder’s name. Criminals can use this information to conduct e-commerce fraud at online merchants.

Equifax, a provider of consumer credit scores, revealed last week that the hack had exposed the personal details of up to 143 million United States consumers. They included names, social security numbers, and, in some cases, drivers’ licence numbers.

It said personal information of some UK and Canadian residents were also hacked. The company blamed a web server vulnerability in its open-source software, called Apache Struts,