09 February 2016

Citi raises the numbers hit by data breach

16 June 2011  |  8292 views  |  0 citi bank

The Citi data card breach compromised 360,000 customer accounts - 80% more than the figure initially reported - and forced the bank to re-issue 218,000 cards to affected customers.

The new data comes in a public comment letter issued by the bank to its customers. While the letter identifies the date of the discovery of the breach as 10 May, the statement provides no details on how the accounts were compromised. The bank has yet to respond to claims that the hackers accessed the data through a simple vulnerability in the browser address bar.

To Our Customers:

You may have recently read in the media about a compromise to Citi Account Online impacting credit card accounts in North America.

We wanted to share more specifics with you regarding the event. First, we want to confirm three things:

1. From the moment Citi discovered the breach we took immediate action to rectify the situation and protect any customers potentially at risk.
2. Customers are not liable for any fraud on the account and are 100% protected.
3. Every decision made throughout this process was in the best interest of our customers.

Updated Information on Recent Compromise to Citi Account Online For Our Customers

** Includes specific details, including dates and number of customers
impacted **

On May 10, a compromise to Citi Account Online that impacted roughly one percent of North America Citi-branded credit card accounts was discovered as part of routine monitoring and immediately rectified. While Citi Cards' Account Online system was compromised, the main cards processing system was not. Other Citi consumer banking online systems were not accessed or compromised.

Upon discovery, internal fraud alerts and enhanced monitoring were placed on all accounts deemed at risk. Simultaneously, rigorous analysis began to determine the precise accounts and type of information accessed. The majority of accounts impacted were identified within seven days of discovery. By May 24, we confirmed the full extent of information accessed on 360,069 accounts. An additional 14 accounts were confirmed subsequently. To determine the cardholder impact required analysis of millions of pieces of data.

The customers' account information (such as name, account number and contact information, including email address) was viewed. However, data that is critical to commit fraud was not compromised: the customers' social security number, date of birth, card expiration date and card security code (CVV).

While the investigation was underway, preparations began to notify customers and, as appropriate, replace affected customers' credit cards. As of May 24, we began the process of developing notification packages including customer letters and manufacturing replacement cards, as well as preparing our customer service teams. Notification letters were sent beginning June 3, the majority of which included reissued credit cards.

Citi has implemented enhanced procedures to prevent a recurrence of this type of event. We have also notified law enforcement and government officials. For the security of our customers, and because of the ongoing law enforcement investigation, we cannot disclose further details regarding how the data breach occurred.

Our customers are not liable for any unauthorized use of their accounts. We encourage our customers to review their account statements and to report any suspicious or unauthorized charges to us. Citi also offers free personalized identity theft solutions to assist our customers in taking appropriate steps if they believe they are a victim of identity theft.

Customers with additional questions can call the toll free number on the back of their card for help from Citi Customer Service. We continue to monitor customer service and communication channels and take every necessary action to ensure our customers are cared for.

Total Accounts Impacted:

* A total of 360,083 North America Citi-branded credit cards were affected. Only accounts issued in the U.S. were impacted.
* 217,657 accounts were reissued credit cards along with a notification letter.
* Some accounts were not re-issued credit cards if the account is closed or has already received new credit cards as a result of other card replacement practices. These accounts continue to receive heightened monitoring for suspicious activity.

Comments: (0)

Comment on this story (membership required)
Log in to receive notifications when someone posts a comment

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board, sign up now.

Related stories

15 June, 2011
09 June, 2011
25 March, 2011
15 October, 2010
05 October, 2010
27 July, 2010
10 March, 2010

Related company news

Your browser is unable to support Flash files.

Top topics

Most viewed Most shared
Fintech rising: Resistance is futile, says...
11635 views comments | 51 tweets | 44 linkedin
Digital transformation driving earnings at...
10074 views comments | 48 tweets | 40 linkedin
Visa opens up to developers
8230 views comments | 23 tweets | 41 linkedin
ECB eyes up European P2P payments
8072 views comments | 29 tweets | 39 linkedin
It may take ten years, but blockchain tech...
6914 views comments | 21 tweets | 19 linkedin

Featured job

Competitive Package
New York City, NY. USA

Find your next job