Citigroup Suffers Breach of Customer Information

Thursday, June 09, 2011



Officials from Citigroup have confirmed that an unauthorized network access event may have compromised the private account details of as many as two hundred thousand North American banking clients.

Representatives of Citigroup said they detected the breach of the Citi Account Online network in May through routine monitoring of the systems.

"A limited number - roughly 1 percent - of Citi North America bankcard customers' account information [such as name, account number and contact information, including e-mail address] was viewed," said Sean Kevelighan, head of communications and public affairs for Citigroup.

"The customer's Social Security number, date of birth, card expiration date and card security code [CVV] were not compromised. We are contacting customers whose information was impacted," Kevelighan said.

Citigroup immediately reported the security incident to law enforcement and regulatory authorities, but has not revealed any particular details of the data loss event.

Thus far, it appears that only credit card accounts were exposed in the breach, though some reports suggest that some debit card information may have been involved.

Citigroup officials are in the process of notifying customers who's data may have been exposed.

Guidelines require banks to immediately notify regulators in the event of a data breach, but do not require immediate notification of customers if there is a risk that the alert could compromise an investigation.

“For the actual breach to happen at a bank is a very big deal,” said Gartner's Avivah Litan.

So far, there have been no reports of stolen funds related to the incident. Citigroup indicated they have tightened security controls since the breach was discovered.

Possibly Related Articles:
Data Loss Banking Headlines Network Security Credit Cards Financial hackers breach Citigroup
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.