Citigroup (NYSE: C) plans to send new debit cards to customers affected by the Target data breach, The New York Times reported Thursday.

The bank waited to reissue cards "because it wanted to minimize disruptions during the holiday shopping season," an anonymous source told the Times. The report did not say how many Citigroup debit cards will be replaced, and a call to Citigroup seeking comment was not immediately returned.

The security breach, which occurred between late November and early December, involved data on as many 110 million Americans — about a third of the U.S. population.

Citi is the second major bank to reissue debit cards in the aftermath of the attack. JPMorgan Chase (JPM) announced earlier this week that it had replaced two million bank cards to protect customers whose data may have been compromised. Bank of America (BAC) and Wells Fargo (WFC) have said that they are monitoring customer accounts for suspicious activity.

BBVA Compass in Birmingham, Ala., also reissued cards "as a preventative measure."