Citigroup delayed notifying credit card customers that their accounts had been hacked, according to a report.
NEW YORK (CNNMoney) -- Citigroup waited up to three weeks before notifying credit card customers that their accounts had been hacked, according to a published report Monday.
Citigroup (C, Fortune 500) held off on notifying customers in last month's security breach because the company was conducting an investigation, reported the Wall Street Journal.
A Citigroup spokesman declined immediate comment on the story.
The financial company said June 9 that it had discovered a security breach where a hacker had accessed more than 200,000 accounts.
"A limited number - roughly 1% - of Citi bankcard customers' accounting information (such as name, account number and contact information including e-mail address) was viewed," said Citigroup last week, when it first announced the breach, which occurred in May.
Citigroup has about 21 million credit card accounts in North America, where the breach occurred.
Other high-profile security breaches have occurred recently. Sony (SNE) was subjected to major hacks in April and May, affecting several of its gaming systems and potentially compromising tens of millions of credit card numbers.
RSA Security, a division of EMC Corp., (EMC, Fortune 500) offered to replace or monitor all SecurIDs - the tokens used by office workers to access corporate systems - after they were used to launch cyber attacks against Lockheed Martin (LMT, Fortune 500).
Bank of America (BAC, Fortune 500) employees and some clients also use the RSA tokens. The bank said the tokens will be replaced.
--CNN's Katy Byron contributed to this report 
