Citigroup officials are saying now that 360,083 credit card accounts were accessed in the data breach this month, far more than the 210,000 they originally estimated.
Citigroup released the revised tally in a letter to customers June 15. The release came after Connecticut Attorney General George Jepsen said the company was not giving out enough information about how the breach occurred and how customers should be protected.
Citigroup originally reported June 9 that roughly one percent of its 21 million credit card accounts had been accessed by hackers, or about 210,000 accounts. New cards have been re-issued to 217,657 account holders.
"Some accounts were not re-issued credit cards if the account is closed or has already received new credit cards as a result of other card replacement practices," said Citigroup. The company will continue monitoring those accounts for suspicious activity. Internal fraud alerts and enhanced monitoring were placed on all accounts deemed at risk as soon as the breach was discovered.
Citigroup discovered the breach May 10, but only began sending out notification letters June 3. Company officials defended the delay, saying they needed to analyze millions of pieces of data to determine the cardholder impact. Citigroup is taking "every necessary action to ensure our customers are cared for," the company said.
According to the customer letter, Citigroup had confirmed the full extent of the breach by May 24.
Citigroup didn't disclose any new facts about how the attack occurred, citing the "security of our customers" and "the ongoing law enforcement investigation."
This article was originally published on 06-16-2011