Citigroup says 360,000 cards hacked in May cyber attack

Citigroup Inc said a credit card data breach that took place in May affected over 360,000 accounts, around 80 per cent more than the initial figure revealed by the bank last week.

In a statement issued late last night, Citigroup said "a total of 360,083 North America Citi-branded credit cards were affected. Only accounts issued in the US were impacted."
Citigroup reiterated its earlier statement that 1 per cent of its credit card customers were affected. But as per the bank's annual report, Citi Cards has about 21 million customers in North America, 1 per cent of which would amount to just around 200,000 cards.

While Citi Cards' Account Online system was compromised, the main cards processing system was not. Other Citi consumer banking online systems were not accessed or compromised, Citigroup said.

Customers' account information such as names, account numbers and contact information, including email addresses, was viewed. However, data that is critical to commit fraud was not compromised, like the customers' social security number, date of birth, card expiration date and card security code (CVV), the statement said.

The bank has reissued credit cards along with a notification letter to 217,657 accounts. Notification letters started being sent from June 3. The statement further added that Citigroup has taken immediate action to rectify the situation and protect any customers potentially at risk. "Customers are not liable for any fraud on the account and are 100 per cent protected," it said.

"Citi has implemented enhanced procedures to prevent a recurrence of this type of event. We have also notified law enforcement and government officials," it added.