Citigroup has confirmed a media report that computer hackers have accessed details of about 200,000 of its customers in North America.
That included names, account numbers and contact information, such as email addresses.
Citi said other information such as birth dates, social security numbers, card expiration dates and card security codes were not compromised.
“We are contacting customers whose information was impacted. Citi has implemented enhanced procedures to prevent a recurrence of this type of event,” Sean Kevelighan, a US-based spokesman, said. “For the security of these customers, we are not disclosing further details.”
It is the latest of a string of cyber attacks on high-profile companies.
According to a report in the Financial Times, the attack reportedly happened in early May and Citi has been criticised for not telling customers sooner.
“It may be the bank’s business, but it’s the consumer’s personal information so consumers deserve to be told about security breaches immediately,” said Dan Simpson, a spokesman for Australia’s Consumer Action Law Centre, an advocacy group.
“It’s hard to see any reason why this sort of breach couldn’t have been disclosed much sooner,” he added.