Citi raises credit card hack count to 360,000

@CNNMoneyTech June 16, 2011: 7:25 AM ET
Citigroup said more credit card accounts were hacked into than originally reported.

Citigroup said more credit card accounts were hacked into than originally reported.

NEW YORK (CNNMoney) -- Citigroup has released more details on last month's hack attack, revealing that far more credit card accounts were accessed than originally reported, and took more than three weeks to notify customers.

Citigroup (C, Fortune 500) said that it discovered, on May 10, that 360,083 credit card accounts had been hacked into.

This is a significant increase from the number that Citigroup had reported on June 13, when it said that "roughly 1%" of its 21 million credit card accounts had been hacked, which would have been 210,000 accounts.

"Only accounts in the U.S. were impacted," said Citigroup, noting that new credit cards were re-issued to 217,657 of the hacked accounts, along with a notification letter.

"Some accounts were not re-issued credit cards if the account is closed or has already received new credit cards as a result of other card replacement practices," said Citigroup. "These accounts continue to receive heightened monitoring for suspicious activity."

Citigroup said it waited until June 3, more than three weeks after the discovery, to start sending out notification letters, "the majority of which included reissued credit cards."

"Citi has implemented enhanced procedures to prevent a recurrence of this type of event," the company said. "We have also notified law enforcement and government officials. For the security of our customers, and because of the ongoing law enforcement investigation, we cannot disclose further details regarding how the data breach occurred."

Senators propose mobile data privacy law

Citigroup provided a state-by-state breakdown of the hacker victims. The state with the most hacked accounts -- some 80,454 -- was California, the most populous state in the union.

There have been other high-profile security breaches in recent months. Sony (SNE) was subjected to major hacks in April and May, affecting several of its gaming systems and potentially compromising tens of millions of credit card numbers.

In a separate case, hackers used SecurIDs -- the tokens used by office workers to access corporate systems -- to launch cyber attacks against Lockheed Martin (LMT, Fortune 500). The maker of the tokens, RSA Security, a division of EMC Corp (EMC, Fortune 500)., offered to replace or monitor all SecurIDs.

Bank of America (BAC, Fortune 500) employees and some clients use the tokens. The banks said they will be replaced. To top of page

  • -->

    Most stock quote data provided by BATS. Market indices are shown in real time, except for the DJIA, which is delayed by two minutes. All times are ET. Disclaimer. Morningstar: © 2018 Morningstar, Inc. All Rights Reserved. Factset: FactSet Research Systems Inc. 2018. All rights reserved. Chicago Mercantile Association: Certain market data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved. Dow Jones: The Dow Jones branded indices are proprietary to and are calculated, distributed and marketed by DJI Opco, a subsidiary of S&P Dow Jones Indices LLC and have been licensed for use to S&P Opco, LLC and CNN. Standard & Poor's and S&P are registered trademarks of Standard & Poor's Financial Services LLC and Dow Jones is a registered trademark of Dow Jones Trademark Holdings LLC. All content of the Dow Jones branded indices © S&P Dow Jones Indices LLC 2018 and/or its affiliates.