Citibank has confirmed that the names, account numbers and contact information of hundreds of thousands of customers have been stolen in a hacking attack.
The breach happened back in May, but the company is only now alerting customers. Around 200,000 people, all in the US, are believed to have been affected - one percent of the company's customers.
It's not known who was responsible, and Citibank isn't revealing how the attack was carried out.
It does, though, say it's put measures in place to make sure that a similar breach couldn't happen again.
Citibank says that other information, such as birth dates, social security numbers, card expiration dates and card security codes remain safe. This means that the hackers can't actually access customer funds - but that they will be able to conduct some pretty effective phishing expeditions.
"Customers affected by this incident should be on high alert for scams, phishing and phone calls purporting to be from Citibank and their subsidiaries," says Chester Wisniewski of security firm Sophos.
While Citi customers aren't likely to have fraudulent charges against their accounts as a result of this breach, they are likely to encounter social engineering attempts to enable further crime. Considering that the attackers have your name, account number and other sensitive information they are able to provide a very convincing cover story to victims."