June 9, 2011

Hackers Steal Citigroup Information

Citigroup Inc. announced today that hackers had accessed credit card information for approximately 200,000 North American customers, in an online security breach.

The bank discovered the break-in had occurred in early May, after routine monitoring of about 1 percent of customers.

According to its 2010 annual report, Citi has more than 21 million credit card customers in North America. The New York-based bank declined to say exactly how many accounts had been accessed.

Hackers were able to view customer names, their account numbers and contact information including email addresses. Citi officials claim that social security numbers, birth dates, card expiry dates or card security codes were not accessed.

"We are contacting customers whose information was impacted. Citi has implemented enhanced procedures to prevent a recurrence of this type of event," Sean Kevelighan, a U.S.-based spokesman, told Reuters by email. "For the security of these customers, we are not disclosing further details."

This news arrives fresh after recent digital break-ins have been announced by Sony and Nintendo. Citi may well come under fire for not telling customers sooner about the intrusions.

"It may be the bank's business, but it's the consumer's personal information so consumers deserve to be told about security breaches immediately," Dan Simpson, a spokesman for Australia's Consumer Action Law Centre, told Reuters. "It's hard to see any reason why this sort of breach couldn't have been disclosed much sooner."

"While Citi customers aren't likely to have fraudulent charges against their accounts as a result of this breach, they are likely to encounter social engineering attempts to enable further crime," blogged Chester Wisniewski, a consultant for security firm Sophos.

"Customers affected by this incident should be on high alert for scams, phishing and phone calls purporting to be from Citibank and their subsidiaries," he told BBC News.


On the Net: