More than 360,000 Citibank customers had their private information hacked last month, nearly double the company’s original estimate, according to a press release issued by the bank on Wednesday.
The hackers accessed customers’ names, account numbers and email addresses. They did not get to see other information especially useful for committing fraud, including Social Security numbers, dates of birth, card security codes and expiration dates, according to the bank.
The attack affected Citi’s Account Online system, but not the company’s main transaction processing network. The company assured consumers that they won’t have to pay for any fraudulent purchases resulting from the data breach.
“Our customers are not liable for any unauthorized use of their accounts,” Citi said in a press release.
The bank has been criticized by some, including Sen. Robert Menendez (D-N.J.), for taking three weeks to notify customers about the breach. In its statement, Citi said it responded as soon as the breach was detected, but that it required the analysis of “millions of pieces of data” before company researchers could figure out how much information the hackers accessed.
The attack was discovered on May 10. Citi told reporters about it on June 8, and the first notification letters were mailed to consumers on June 3. Most customers whose information was compromised received replacement credit cards.
Christopher Maag is Credit.com’s Staff Writer. Chris graduated with honors from the Columbia University Graduate School of Journalism, and has reported for a number of publications including The New York Times, TIME magazine and Popular Mechanics.
This article originally appeared on Credit.com.