Citigroup, which suffered a massive data breach that exposed hundreds of thousands of credit cards, upped its initial estimate of the amount of customers’ credit cards exposed from 200,000 to 360,000.
The New York Times reports Citigroup revealed the new estimate in a statement Wednesday night, following pressure from state and federal regulators, including Connecticut’s attorney general, who are investigating the breach. The bank identified May 10 as the date the breach occurred and says the bank confirmed May 24 that hackers swiped 360,000 names, credit card number and email addresses. On the same day, the bank started to replace around 218,000 cards and compose letters notifying users about the breach, but those weren’t sent out until June 3. The bank told the public about the breach on June 9.
The bank says it didn’t issue replacement cards for accounts that were closed or had already been replaced, and that it’s monitoring those accounts for potential abuse.
In the statement, Citigroup said victims would not be stuck with fraudulent charges, and that potential victims can call a number on their credit cards to ask for free identity theft protection assistance.
Citi Says Many More Customers Had Data Stolen by Hackers [The New York Times]