21 October 2016
Visit dh.com

Citi raises the numbers hit by data breach

16 June 2011  |  8500 views  |  0 citi bank

The Citi data card breach compromised 360,000 customer accounts - 80% more than the figure initially reported - and forced the bank to re-issue 218,000 cards to affected customers.

The new data comes in a public comment letter issued by the bank to its customers. While the letter identifies the date of the discovery of the breach as 10 May, the statement provides no details on how the accounts were compromised. The bank has yet to respond to claims that the hackers accessed the data through a simple vulnerability in the browser address bar.

To Our Customers:

You may have recently read in the media about a compromise to Citi Account Online impacting credit card accounts in North America.

We wanted to share more specifics with you regarding the event. First, we want to confirm three things:

1. From the moment Citi discovered the breach we took immediate action to rectify the situation and protect any customers potentially at risk.
2. Customers are not liable for any fraud on the account and are 100% protected.
3. Every decision made throughout this process was in the best interest of our customers.

Updated Information on Recent Compromise to Citi Account Online For Our Customers

** Includes specific details, including dates and number of customers
impacted **

On May 10, a compromise to Citi Account Online that impacted roughly one percent of North America Citi-branded credit card accounts was discovered as part of routine monitoring and immediately rectified. While Citi Cards' Account Online system was compromised, the main cards processing system was not. Other Citi consumer banking online systems were not accessed or compromised.

Upon discovery, internal fraud alerts and enhanced monitoring were placed on all accounts deemed at risk. Simultaneously, rigorous analysis began to determine the precise accounts and type of information accessed. The majority of accounts impacted were identified within seven days of discovery. By May 24, we confirmed the full extent of information accessed on 360,069 accounts. An additional 14 accounts were confirmed subsequently. To determine the cardholder impact required analysis of millions of pieces of data.

The customers' account information (such as name, account number and contact information, including email address) was viewed. However, data that is critical to commit fraud was not compromised: the customers' social security number, date of birth, card expiration date and card security code (CVV).

While the investigation was underway, preparations began to notify customers and, as appropriate, replace affected customers' credit cards. As of May 24, we began the process of developing notification packages including customer letters and manufacturing replacement cards, as well as preparing our customer service teams. Notification letters were sent beginning June 3, the majority of which included reissued credit cards.

Citi has implemented enhanced procedures to prevent a recurrence of this type of event. We have also notified law enforcement and government officials. For the security of our customers, and because of the ongoing law enforcement investigation, we cannot disclose further details regarding how the data breach occurred.

Our customers are not liable for any unauthorized use of their accounts. We encourage our customers to review their account statements and to report any suspicious or unauthorized charges to us. Citi also offers free personalized identity theft solutions to assist our customers in taking appropriate steps if they believe they are a victim of identity theft.

Customers with additional questions can call the toll free number on the back of their card for help from Citi Customer Service. We continue to monitor customer service and communication channels and take every necessary action to ensure our customers are cared for.

Total Accounts Impacted:

* A total of 360,083 North America Citi-branded credit cards were affected. Only accounts issued in the U.S. were impacted.
* 217,657 accounts were reissued credit cards along with a notification letter.
* Some accounts were not re-issued credit cards if the account is closed or has already received new credit cards as a result of other card replacement practices. These accounts continue to receive heightened monitoring for suspicious activity.

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Citigroup hackers broke in through the public Website - NYTimes

Citigroup hackers broke in through the public Website - NYTimes

15 June 2011  |  11014 views  |  0 comments
Hackers hit Citi card customers

Hackers hit Citi card customers

09 June 2011  |  8574 views  |  0 comments
US man jailed for $3m wire fraud

US man jailed for $3m wire fraud

25 March 2011  |  9400 views  |  1 comments
Citi to pilot multi-account '2G cards'

Citi to pilot multi-account '2G cards'

05 October 2010  |  11109 views  |  1 comments
Citi admits iPhone app security flaw

Citi admits iPhone app security flaw

27 July 2010  |  10461 views  |  0 comments
Citi exposes 600,000 social security numbers

Citi exposes 600,000 social security numbers

10 March 2010  |  10215 views  |  1 comments

Related company news

Visit capgemini.comFind out moreVisit www.i2cinc.com

Top topics

Most viewed Most shared
The bank of the future will be invisible - KPMGThe bank of the future will be invisible -...
30757 views comments | 113 tweets | 210 linkedin
New EU rules could cost UK firms £122bn in cybersecurity fines - PCI SSCNew EU rules could cost UK firms £122...
10556 views comments | 31 tweets | 36 linkedin
Barclays and Citi test blockchain tech for equity swaps processingBarclays and Citi test blockchain tech for...
8234 views comments | 24 tweets | 16 linkedin
ING takes fintech startup route to UK relaunchING takes fintech startup route to UK rela...
6773 views comments | 29 tweets | 21 linkedin
Faster payments are taking overFaster payments are taking over
6506 views comments | 14 tweets | 15 linkedin

Featured job

Find your next job