Citigroup’s admitted that many more credit cards were compromised by its recent data breach than it indicated in its previous statement.
Last week, the bank said that about one percent of customers had been affected, implying that around 200,000 had been affected.
Yesterday, however, Citigroup released a letter to its customers placing the figure at an impressively precise 360,083 card accounts. The release of the new information follows complaints from lawmakers that the company was giving out too much information.
It was particularly criticized for its failure to disclose the attack until some weeks after it had taken place. On Tuesday, Connecticut attorney general George Jepsen complained that the company was giving out too little information about how the breach occurred and how customers would be safeguarded.
Citigroup now says it’s replaced the cards of about 217,000 customers; others, it says, don’t need them because their accounts have been closed or because a new card was already on order. It seems California was the hardest-hit state, with about 80,000 affected accounts.
Citibank’s defending its tardiness in making the breach public, saying it needed to wade through a massive amount of data before it felt it was safe to do so.
Citigroup has reiterated that the information taken won’t allow hackers to access funds directly. Nevertheless, it’s promised customers that they won’t be liable for any unauthorized activity on their accounts.