By Maria Aspan & Kelvin Soh
NEW YORK/HONG KONG (Reuters) - Citigroup Inc said a cyber attack in May affected almost twice as many people as the bank's figures had initially suggested, as major U.S. lenders come under growing pressure from lawmakers to improve account security.
A total of 360,083 North American Citigroup credit card accounts were affected by the breach, the third-largest U.S. bank by assets said in a statement released late on Wednesday.
Citigroup had earlier said that about 1 percent of its North American accounts were affected. The bank's annual report puts the total number of its customers at 21 million.
"It is mainly due to the actual number of accounts being more than what's in the 2010 annual report as well as variances such as some of the accounts being closed," United States-based Citi spokesman Sean Kevelighan said in an emailed response.
Customers had their names, account numbers and contact information accessed, but Citi said that "data critical to commit fraud was not compromised" and that other consumer banking online systems were not accessed.
Citigroup also said it identified "the majority" of accounts compromised within seven days, adding that the information was accessed on the accounts by May 24 but that it only started notifying customers of the breach on June 3.
Some 217,657 accounts have been reissued with new credit cards along with a notification letter, the bank said.
The bank is the latest in a growing list of companies to face cyber attacks in recent months, with Sony, Google Inc and Lockheed Martin all having been hit by hackers this year.
In response to the latest bout of attacks, many banks have stepped up their security efforts, with two Australian banks replacing their customers' "SecurID" electronic keys earlier this month.
Regulators in many countries have also been preparing new measures on data security, with the head of the Federal Deposit Insurance Corp in the United States saying last week she may "ask some banks to strengthen their authentication when a customer logs onto online accounts."
The Hong Kong Monetary Authority also said it requires banks to have a risk management system to ensure the adequacy of their security systems.
"Banks are expected to continue to review their security measures in place to enhance the controls, where appropriate, on an ongoing basis," said an HKMA spokeswoman.
(Editing by Lincoln Feast and Muralikumar Anantharaman)