Citigroup has released updated figured for the data breach last week in which the company claimed that about one percent of the company’s customers’ account information had been accessed by hackers. Citigroup’s latest update says that information for more than 360,000 U.S. credit card accounts was compromised in the breach, but the total number of impacted customers remains relatively steady at just under 218,000.
Citigroup discovered the breach on May 10, and began sending notification letters to customers on June 3.
Citigroup says attackers were able to obtain account holders’ names, account numbers, and contact information, including their email addresses. However, the company claims that other information that would be particularly useful to identity thieves—social security numbers, expiration dates, dates of birth, and card security codes—were never compromised.
The company says many of the additional accounts accessed by hackers were either duplicates or closed accounts, and don’t represent a significant additional threat to consumers. Citigroup has heightened monitoring on all the accounts, but will not be issuing new card for closed accounts or accounts that recently received new cards through other card-replacement operations. The company says it placed Internet fraud alerts and enhanced monitoring on all accounts deemed at risk once the breach was uncovered.
Citigroup emphasizes that customers are not liable for unauthorized use of their accounts, and that the company has implemented enhanced security procedures and is working with law enforcement. However, they do not intend to go into any more detail on the incident. “For the security of our customers, and because of the ongoing law enforcement investigation, we cannot disclose further details regarding how the data breach occurred,” the company said in a statement.
The states with the greatest number of compromised accounts are California (with more than 80,000), Texas, Illinois, New York, and Florida.