Visitors to US state parks buying online passes have been warned to be on the lookout for fraudulent card transactions after it emerged that a number of servers at a third-party payments handler were compromised by malware.

According to US sources, the breach affected InfoSpherix, a subsidiary of Active Networks, and is so far known to have potentially exposed the credit card details of 970 visitors to Maine state park.

Two features of the news raise concerns, starting with the length of time the compromise could have been active, between 21 March and 22 December 2010. It is also still not clear whether the breach affected state park pass buyers from other states beyond Maine, or whether additional breach worries relate to other types of business using the same servers.

The positive news is that no fraud reports have so far been received from those buying passes to visit Maine state park.

"The message that I'd like to get across is that Maine.gov is secure. Maine.gov was not breached," Maine.gov board chairman Charlie Summers was reported to have said.