Though Citigroup originally estimated that nearly 210,000 of its credit card customers were affected by a May 10 data breach, the company recently bumped that figure to a total of 360,083.
In a statement on its website, Citigroup said that, upon closer investigation of the breach, it discovered that several thousand more credit card accounts were compromised than originally reported.
Of the impacted accounts – all in North America – 142,426 were not active at the time of the breach. The company also stated that it has reissued some 217,657 credit cards, as well as letters of notification to those impacted by the incident.
Citi’s statement comes days after Connecticut Attorney General George Jepsen sent a letter to the company, demanding it reveal more details about the breach. In his letter, dated June 13, Jepsen said the lack of information regarding the breach “heightens my concerns for the citizens of Connecticut.” He noted that this was particularly worrisome, as the data breached included personal information, such as names, account numbers and email addresses.
In its statement, Citi revealed the steps that it has taken in response to the breach, as well as a state-by-state breakdown of the number of accounts affected. According to Citi’s figures, California, Texas and Illinois were the most severely impacted, with each seeing tens of thousands of accounts compromised.
Citi reassured customers that they were not liable for any fraud that might occur as a result of the incident and that each account is “100 percent protected.”
“Citi has implemented enhanced procedures to prevent a recurrence of this type of event. We have also notified law enforcement and government officials. For the security of our customers, and because of the ongoing law enforcement investigation, we cannot disclose further details regarding how the data breach occurred,” the company stated.