Connecticut Attorney General George Jepsen asked Citigroup Inc. (C) to provide more information on how a recent data breach occurred and what is being done to protect affected customers from fraud.
Citigroup said this month that the account information of about 1 percent of its Citi-branded North America credit cards was viewed through unauthorized access to accounts online.
Jepsen said in a statement today that he wrote a letter to New York-based Citigroup’s Chief Executive Officer Vikram Pandit and its general counsel, Michael Helfer. He requested the additional information by June 22.
“Critical facts about the intrusion remain unclear, including details concerning the number and characteristics of impacted accounts, the cause of the breach, the steps taken to notify and protect the affected individuals, and the nature of any procedures adopted to prevent future data breaches,” Jepsen said in the letter.
Sean Kevelighan, a Citigroup spokesman, said he couldn’t comment directly on Jepsen’s request.
“Citi immediately rectified the data breach upon discovery, while also placing internal fraud alerts and monitoring on all accounts at risk,” Kevelighan said in an e- mail. “Simultaneously, we began analysis to determine the precise accounts and type of information accessed.”
Citigroup also notified law enforcement and government officials, Kevelighan said. On June 3, within three weeks, the bank began to notify clients by letter, most of which included re-issued credit cards, he said.
“None of the data breached was sufficient to perpetrate fraud,” Kevelighan said.
Citigroup’s credit card unit is run by Judson Linville, a former American Express Corp. executive whom Pandit, 54, hired last September.
To contact the editor responsible for this story: Michael Hytha at firstname.lastname@example.org