Citigroup Inc. agreed to undertake an audit of its online credit card account system as part of an accord with Connecticut following an investigation that found hackers could access multiple accounts.
The investigation found a “known technical vulnerability” in the bank’s Account Online web-based service, Connecticut Attorney General George Jepsen said in a statement today announcing the settlement.
“This vulnerability was known to the company at the time of the breach and may have existed since 2008,” he said.
New York-based Citigroup will obtain a third-party data security audit, the state said. The investigation was conducted by Connecticut and California Attorney General Kamala Harris.
The bank will also pay $55,000.
Customer data that is “critical to commit identity theft” was not accessed, said Emily Collins, a spokeswoman for the bank.
“Citi has and will continue to comply with all applicable information security laws and customer notification requirements,” Collins said.