Daily cyber threats and internet security news: network security, online safety and latest security alerts
June 9th, 2011

Citigroup Admits Customer Data Breach, 200,000 North American Credit Card Holders Possibly Affected

Citigroup has admitted that hackers managed to break into its systems and accessed information on about 200,000 North American credit card holders.

The Financial Times reports that the breach was discovered in early May and involved customer names, account numbers and contact information. However, information that would facilitate fraud or identity theft, such as birth dates, Social Security numbers, credit card expiration dates and CVV codes, were not compromised.

The financial giant said the breach occurred on its Citi Account Online system and affected 1% of its customers. According to the latest public figures, there are 20 million Citi cardholders in North America.

“We are contacting customers whose information was impacted. Citi has implemented enhanced procedures to prevent a recurrence of this type of event. For the security of these customers, we are not disclosing further details,” an US Citi spokesman, told Reuters.

While affected customers are not likely to have their credit cards misused directly because of this breach, the exposed information could be used to craft believable phishing attacks aimed at extracting more sensitive information.

“Customers affected by this incident should be on high alert for scams, phishing and phone calls purporting to be from Citibank and their subsidiaries,” warns Chester Wisniewski, a senior security advisor at Sophos.

“Considering that the attackers have your name, account number and other sensitive information they are able to provide a very convincing cover story to victims,” he adds.

The incident follows other large scale data breaches that involved personal information in recent months. In April, hackers broke into Sony’s PlayStation Network (PSN) and stole the personal details of over 76 million customers.

Questions have been raised as to why Citigroup took a month to disclose this incident. There is a general feeling that companies are taking too long to inform customers when their privacy is compromised. US lawmakers are working on federal legislation that would force companies to report breaches in a more timely manner.

Credit: News

Share this item with others:

More on CyberInsecure:
  • Malware Found In Heartland Bank Card Payment System
  • University Of North Florida Server Breached, Private 100,000 Students Application Data Compromised
  • Credit Cards Data Stolen In 1st Source Bank Intrusion
  • Argos Expose Unencrypted Credit Card Data In Email Receipts
  • Radisson Hotels Breached, Sensitive Customer Data Exposed

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Citigroup Admits Customer Data Breach, 200,000 North American Credit Card Holders Possibly Affected

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.