Citigroup Took Three Weeks to Notify Customers of Breach
This article is for subscribers only.
Citigroup Inc., the third-biggest U.S. lender, took as long as three weeks to notify customers after data for about 210,000 credit-card accounts in North America were breached.
“Citi immediately rectified the data breach upon discovery, while also placing internal fraud alerts and monitoring on all accounts at risk,” Sean Kevelighan, a spokesman for Citigroup, said today in an e-mailed statement. “Simultaneously, we began analysis to determine the precise accounts and type of information accessed, which resulted in roughly 1 percent of North America Citi-branded credit cards. Within three weeks -- June 3 precisely -- we began sending notification letters to clients, the majority of which included re-issued credit cards.”