Hackers affected 218,000 US card accounts in recent breach, Citigroup says
HONG KONG — Hackers stole information for 360,000 Citigroup Inc. US credit card accounts in a recent data breach, although the actual number of customers affected was not much higher than originally reported, the bank said Wednesday.
Citi said last week that about 1 percent of its credit card customers had account information hacked online but did not say exactly how many. The actual number of customers affected was thought to be about 210,000, based on Citi’s 2010 annual report, which said the company had roughly 21 million North American credit card customers.
The exact number of customers affected was not far off the mark. In a statement posted late Wednesday on its website, the company said 217,657 people were sent notification letters and new cards starting June 3.
Hackers gained access to 360,083 accounts but because many of the accounts were duplicates or had been closed, they did not need replacement cards, Citi said.
The bank said it discovered on May 10 that hackers used its Account Online system to access the data for North America Citi-branded credit cards issued in the United States.
The bank said last week that hackers accessed customer names, account numbers, and contact information, including e-mail addresses.
But they weren’t able to get Social Security numbers, birth dates, or card expiration dates or security codes, information that can be useful in identity theft.
Internal fraud alerts and enhanced monitoring were placed on all accounts deemed at risk as soon as the breach was discovered, Citi said.
Citi said it has notified police and government officials.
“For the security of our customers, and because of the ongoing law enforcement investigation, we cannot disclose further details regarding how the data breach occurred,’’ it said.
Citi reassured customers that they weren’t liable for any unauthorized use of their cards and urged them to review account statements to report any suspicious transactions.
It is the latest in a series of high-profile data attacks against big companies and institutions. The International Monetary Fund said Sunday that it was investigating an attack on its computer system.
Google Inc. said earlier this month that Gmail accounts of several hundred people had been breached. In April, Sony Corp.’s Playstation Network was the victim of a massive security breach that affected more than 100 million online accounts.