Citigroup says 360,000 affected by hackers
Hackers stole account information of more than 360,000 of Citigroup Inc.'s U.S. credit card customers in a recent data breach, the bank said Wednesday, almost double the number initially thought.
Citi said last week that about 1 percent of its credit card customers had account information hacked online but did not say exactly how many. The actual number of customers affected was thought to be about 200,000, based on Citi's 2010 annual report, which said the company had roughly 21 million North American credit card customers.
But the true number was actually 360,083, the bank said in a statement posted on its website late Wednesday.
The bank said it discovered on May 10 that hackers used its Account Online system to access the data for North America Citi-branded credit cards issued in the U.S.
The bank said last week that hackers accessed customer names, account numbers and contact information, including e-mail addresses.
But they weren't able to get their hands on social security numbers, dates of birth, card expiration dates or card security codes, information that can be useful in identity theft.
Internal fraud alerts and enhanced monitoring were placed on all accounts deemed at risk as soon as the breach was discovered, Citi said.
Letters were sent starting June 3 to people affected, and 217,657 customers have also been sent new cards, Citi said. Replacement cards were not sent to the others because the accounts were closed or they had already been sent new cards for other reasons.
Citi said it has notified police and government officials.
"For the security of our customers, and because of the ongoing law enforcement investigation, we cannot disclose further details regarding how the data breach occurred," it said.
Citi reassured customers that they weren't liable for any unauthorized use of their cards and urged them to review account statements to report any suspicious transactions.
It's the latest in a series of high-profile data attacks against big companies and institutions. The International Monetary Fund said Sunday that it was investigating an attack on its computer system.
Google Inc. said earlier this month that Gmail accounts of several hundred people had been breached. In April, Sony Corp.'s Playstation Network was the victim of a massive security breach that affected more than 100 million online accounts.
©2011 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.