Connecticut AG seeks Citigroup info on data breach

NEW YORK (Reuters) – Connecticut Attorney General George Jepsen is seeking information from Citigroup Inc about a recent data breach that exposed the personal information of about 200,000 of the bank’s credit card customers.

The third-largest U.S. bank, which disclosed the breach last week, has failed “to explain how it occurred and what is being done to protect affected customers from potential financial fraud,” Jepsen’s office said in a statement Tuesday.

Citigroup last week said about 1 percent of its North American credit card customers had their names, account numbers and contact information exposed by hackers. The data breach took place in early May, according to media reports, but Citigroup waited almost a month before making it public.

The bank has refused to discuss specifics of how it was attacked or what it is doing to prevent future attacks, citing security reasons.

Jepsen said he expects Citigroup “to fully compensate and protect any Connecticut consumers harmed as a result of this breach.” (Reporting by Maria Aspan, editing by Gerald E. McCormick)