Citigroup Inc said it discovered that account information for about 1% of its credit card customers had been viewed by hackers. Citi has more than 21 million credit card customers in North America, according to its 2010 annual report.
The New York-based bank, which discovered the problem during routine monitoring, didn't say exactly how many accounts were breached. Citi said it was contacting those customers.
The bank said hackers weren't able to gain access to social security numbers, birth dates, card expiration dates or card security codes. That kind of information often leads to identity theft, where cybercriminals empty out bank accounts and apply for multiple credit cards.
That can debilitate the finances and credit of victims. Citi customers could still be vulnerable other problems.
Details about their bank accounts and financial information linked to them could be acquired using the e-mail information and account numbers hackers stole.
Federal regulators have taken notice and are asking banks to improve security.
The Citi data breach was the latest in a series of recent high-profile data attacks against a number of major firms.
On June 1, Google Inc said that the personal Gmail accounts of several hundred people, including senior US Government officials, military personnel and political activists, had been breached.
On May 30, broadcaster PBS confirmed that hackers cracked the network's website and posted a phony story claiming dead rapper Tupac Shakur was alive in New Zealand.
On May 28, defense contractor Lockheed Martin Corp said it had detected a "significant and tenacious attack" against its computer networks. The company said it took swift and deliberate actions to protect the network and the systems remain secure.
In April, media and electronics company Sony Corp's PlayStation Network was shut down in April after a massive security breach that affected more than 100 million online accounts.
Also in April, hackers penetrated a network operated by a data marketing firm Epsilon. The company handles e-mail communications for companies like Best Buy Co and Target Corp.
The number of data breaches in the last two months sets a "high water mark," said John Ottman, CEO of Application Security Inc, a New York-based firm that specialises in securing databases, the big repositories companies use to organise account information and other data.
"Attackers have realised that most organisations have not properly protected databases," Ottman said.
The fact that the Citi hackers only got a few pieces of personal data on customers may limit what crooks can do with the information, said Susan Grant, director of consumer protection at Consumer Federation of America, a consumer advocacy group.
"But any ID theft is worrisome for consumers," she said. She believes companies are responsible for protecting their customers' information from internal and external abuse.
In an e-mailed statement, Sean Kevelighan, a spokesman for Citi said the bank is contacting affected customers and enhancing procedures to prevent a similar security breach from happening again.
"For the security of these customers, we are not disclosing further details," he said.