NEW YORK – Citigroup said that about 360,000 credit card customers were affected by last month's hacking attack, or nearly double the number previously indicated by the bank.
In a statement "to our customers" that was released by the New York-based bank late Wednesday, Citigroup said "a total of 360,083 North America Citi-branded credit cards were affected."
The company had said that the security breach compromised about 200,000 customer accounts, or one percent of the company's card users in North America.
The additional details came amid demands from regulators and lawmakers, including Sen. Robert Menendez (D-N.J.), for more information from Citigroup about the hacking attack. As reported, Citigroup waited as long as three weeks to notify credit card customers of the breach.
Citigroup did not disclose as part of Wednesday night's statement any new facts about how the attack occurred, citing the "security of our customers" and "the ongoing law enforcement investigation." The company said it was taking "every necessary action to ensure our customers are cared for."
Asked about the increase in the number of affected customers, a Citigroup spokesman said the company has about 23.5 million credit card accounts in North America, up from the year-end figure of 21 million cited in most news reports about the hacking attack.
In addition, the number of active accounts affected was fewer than 360,000 because of subsequent account closures, the spokesman added, while some customers had more than one account.
In its statement, Citigroup said it replaced the cards of about 217,000 customers. Other customers did not receive new cards because they already were getting them for other reasons or their accounts were closed.
According to a state-by-state list released by Citigroup, about 80,000 credit card accounts in California were affected by the security breach. That was the highest number of any US state.