Citigroup has revealed the details of a recent hack, admitting that about 360,000 customers details were compromised, and not 200,000 as initially reported.
Citi announced the attack last week though it happened on May 10, according to the press release.
"The majority of accounts impacted were identified within seven days of discovery," Citi said in a press release on Wednesday. "By May 24, we confirmed the full extent of information accessed on 360,069 accounts. An additional 14 accounts were confirmed subsequently. To determine the cardholder impact required analysis of millions of pieces of data."
Citi says that customers' account information including name, account number and contact information was compromised but customers' social security number, date of birth, card expiration date and card security code were not divulged.
According to the company, Citi sent out notification letters to customers starting on June 3.
"Citi has implemented enhanced procedures to prevent a recurrence of this type of event," Citi says. "We have also notified law enforcement and government officials. For the security of our customers, and because of the ongoing law enforcement investigation, we cannot disclose further details regarding how the data breach occurred."
Only Citi's US customers were affected and Citi says it sent 217,657 accounts reissued credit cards with a notification letter. The remaining accounts were not reissued credit cards because the account was closed or "as a result of other card replacement practices," according to Citi.
The company released the specific numbers of accounts compromised in each state. Most accounts came from California with 80,454 accounts compromised. Texas followed with 44,134 accounts, and Illinois had 3-,054 accounts compromised in the hack.
Citi joins Sony among the ranks of large corporations under attack in recent months. Sony also took its time notifying customers of the compromise to 180 million accounts.
Return to security news headlines
View Security News Archive