Citigroup Admits Info on 200K Customers Stolen in Network Compromise

Citigroup
is warning its credit card users that attackers have stolen account information
belonging to 200,000 customers. The breach apparently was discovered last
month.

CitigroupCitigroup
is warning its credit card users that attackers have stolen account information
belonging to 200,000 customers. The breach apparently was discovered last
month.

The
attackers who compromised Citigroup’s network were able to get customer names,
account numbers and other data, including email addresses, according to
Reuters. The company is sending emails and letters to the affected customers,
which comprise about one percent of the company’s North America customer base.

Citigroup said that the attackers did not get access to the security codes for
the affected customers’ credit cards.

“We
are contacting customers whose information was impacted. Citi has implemented
enhanced procedures to prevent a recurrence of this type of event,” Sean
Kevelighan, a Citigroup spokesman, told Reuters in an email statement.

“For
the security of these customers, we are not disclosing further details.”

Citi
is the most recent in a long line of financial and e-commerce companies to be
hit by attackers seeking to steal confidential customer information. In just one example, Bank of
America was the target of an attack recently by its own employees in California
in which insiders allegedly handed over customer details to fraudsters, who
were able to steal money from those accounts. In May, authorities in Finland arrested 17 individuals in connection with an attack against Nordea Finland’s online banking system. Other banks and credit-card
companies have suffered breaches in recent years as well, as hackers have
focused their energy on high-value targets that can yield the most lucrative
data. Much of the banking fraud has moved online, according to a 2011 study by the Business Banking Trust. The issue of who is to blame for compromises in attacks against online banking customers is also proving to be a contentious one, with a number of cases making their way through Federal and state courts that question whether customers, or the bank itself is to blame for security lapses.

Suggested articles

Discussion

  • Anonymous on

    I consolidated four Credit card indebtednesses.  Two Citicorps--Sears and Radioshack. About the time of the attack, Sears claimed that my consolidation non-profit group  mispaid by $1, the initial payment of my proposal agreement with them.  That error cost me over $500 and Sears took back all agreements of my consolidation proposal with them through the consolidation company.  Now I'm back paying off this debt at the  same overly high interest rate  I enjoyed before I consolidate the loans.

    As soon as that matter cleared, RadioShack alledged that the loan consolidation company never filed a proposal for the account.   The company has electronic evidence that it did and tat tRadioShack accepted the proposal way back in September 20110.   No matter, I have a rising past due fee of close to $400. now over at Radio Shack

    Got no email notice ( I do paperlessbilling) that my account was attacked.  I only got notice of a past due amount.  Go figure..

     

    Got any attorneys out there who want to take on this case, you have my permission to pass on my e-mail address.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.