Citigroup
is warning its credit card users that attackers have stolen account information
belonging to 200,000 customers. The breach apparently was discovered last
month.
The
attackers who compromised Citigroup’s network were able to get customer names,
account numbers and other data, including email addresses, according to
Reuters. The company is sending emails and letters to the affected customers,
which comprise about one percent of the company’s North America customer base.
Citigroup said that the attackers did not get access to the security codes for
the affected customers’ credit cards.
“We
are contacting customers whose information was impacted. Citi has implemented
enhanced procedures to prevent a recurrence of this type of event,” Sean
Kevelighan, a Citigroup spokesman, told Reuters in an email statement.
“For
the security of these customers, we are not disclosing further details.”
Citi
is the most recent in a long line of financial and e-commerce companies to be
hit by attackers seeking to steal confidential customer information. In just one example, Bank of
America was the target of an attack recently by its own employees in California
in which insiders allegedly handed over customer details to fraudsters, who
were able to steal money from those accounts. In May, authorities in Finland arrested 17 individuals in connection with an attack against Nordea Finland’s online banking system. Other banks and credit-card
companies have suffered breaches in recent years as well, as hackers have
focused their energy on high-value targets that can yield the most lucrative
data. Much of the banking fraud has moved online, according to a 2011 study by the Business Banking Trust. The issue of who is to blame for compromises in attacks against online banking customers is also proving to be a contentious one, with a number of cases making their way through Federal and state courts that question whether customers, or the bank itself is to blame for security lapses.