Citigroup announced yesterday that information from more than 360,000 of its U.S. credit card accounts was stolen in a cyber attack last month, rather than the 200,000 that were initially disclosed to the public last week.

The data breach was initially discovered by Citigroup on May 10, but it wasn’t until May 24 that the company knew the total number of credit cards that had been compromised, according to a company press release.

Customer names, account numbers, and contact information (including e-mail addresses) were stolen, but no birth dates, Social Security numbers, bank-card expiration dates, or bank-card codes have been compromised.

On Monday, The Wall Street Journal reported that Citigroup waited three weeks to disclose the breach to the public because it was conducting an internal investigation into the matter.

More than 217,000 accounts have already been issued new credit cards. Accounts that had previously been closed or received new credit cards as a result of standard replacement practices were not issued new cards; however, those accounts continue to be monitored more closely.

Citigroup said that a law enforcement investigation into the breach is currently underway, and that as a result, the company cannot reveal any more information at this time.

Consumer Reports says that companies should promptly notify customers of data breaches that pose identity theft or fraud risks, among other steps they should take.

If you think you may have had your personal information compromised, see our story, Five things to do when a company leaks your personal info, for tips.

Sources:
Updated information on recent compromise to Citigroup account online [Citigroup]
Citigroup reports hackers grabbed bank card data from more than 200,000 customers [Consumer Reports]
Citi defends delay in disclosing hacking [The Wall Street Journal]