Citigroup Inc said a on Wednesday that a total of 360,083 North American Citigroup credit card accounts were affected by a cyber attack in May, almost twice as many accounts as the bank's figures had initially suggested.
On May 10, a compromise to Citi Account Online that impacted one percent of North America Citi-branded credit card accounts was discovered by Citi as part of routine monitoring. The compromise was immediately rectified, according to the bank.
"While Citi Cards' Account Online system was compromised, the main cards processing system was not," the bank said. "Other Citi consumer banking online systems were not accessed or compromised."
Customers' account information (such as name, account number and contact information, including email address) was viewed. However, data that is critical to commit fraud was not compromised: the customers' social security number, date of birth, card expiration date and card security code (CVV), the bank said.
Citi added that the majority of accounts impacted were identified within seven days of discovery. By May 24, Citi confirmed the full extent of information accessed on 360,069 accounts. An additional 14 accounts were confirmed subsequently.
Of those affected, some 217,657 customers were reissued with new cards along with a notification letter, while the remaining accounts were either inactive or had already received new cards earlier, the bank added.
For additional information, read Citigroup's official statement here