The Citigroup credit card data breach exposed the private financial data of more than 360,000 customer accounts. This is about 80 per cent more than Citigroup reported last week, according to a statement released by the bank.
Citigroup had previously said more than 200,000 cardholders, or about one per cent of its 21 million North American cardholders, were affected. The new revelations come as the bank was forced to respond to Connecticut’s attorney general and several other state regulators who have opened inquiries into the breach. They join federal authorities, including the Secret Service and the Federal Bureau of Investigation, who have been conducting investigations into how the bank was attacked.
On Thursday morning, Sean Kevelighan, a Citigroup spokesman, said the figures were always rough estimates and the discrepancy could be attributed to an increase in its credit card accounts and other factors. Citigroup now has about 23 million credit card accounts, up from 21 million accounts at the end of 2010, the last publicly reported figure.
In the statement, Citigroup also pinpointed May 10 as the date when it discovered the breach, and it said it had immediately rectified the problem and began an internal investigation. By May 24, bank officials concluded data thieves had captured the names, account numbers, and e-mail addresses of about 360,000 customer accounts. Social security numbers, expiration dates, and the three-digit security password found on the back of the card were not exposed.
©2011 The New York Times News Service
