Citigroup blamed the delay in arriving at the correct figure to the “required analysis of millions of pieces of data.”
This marks the first statement about the data breach posted on the Citigroup website and comes just days after the Connecticut Attorney General sent a letter to Citigroup demanding that more information be provided about the data breach.
The original announcement with the 210,000 figure was made through a statement emailed to the Wall Street Journal.
In its June 15 statement, Citigroup said that customer names, account numbers, and contact information were accessed by hackers, but that information critical to committing fraud, such as social security numbers, dates of birth, card expiration dates, and card security codes, was not compromised.
Citigroup said it reissued cards to 217,657 customers, but clients were not reissued cards if the account was closed or had already received a new card as a result of other card replacement practices.
By state, the highest number of Citi credit card customers affected were California (80,454), Texas (44,134), and Illinois (30,054).