We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Citigroup breach exposed data on 210,000 customers

The breach, which took place in early May, exposed names, account numbers and e-mail addresses

Citigroup admitted on Wednesday that an attack on its website allowed hackers to view customers' names, account numbers and contact information such as e-mail addresses for about 210,000 of its cardholders in North America.

Citigroup did not say how the website, Citi Account Online -- which is used by its customers to manage their cards -- was compromised but that the discovery came through its "routine monitoring." The bank discovered the breach, which was first reported in Thursday's Financial Times, early last month.

Other customer information, such as Social Security numbers, birthdates, card expiration dates and the three-digit code on the back of the card, were not exposed, the company said.

"Citi has implemented enhanced procedures to prevent a recurrence of this type of event," said Sean Kevelighan, head of communications and public affairs for Citigroup's North America Consumer Banking division in a statement. "For the security of these customers, we are not disclosing further details."

The affected customers are being contacted by Citigroup. However, the Citi Account Online website did not have a notification of the breach on its front page on early Thursday morning.

The Financial Times reported that several card customers only found out about the issue last weekend when transactions using their card were denied, raising questions about Citigroup's notification procedures.

Although hackers may have not gained complete information on cardholders, the contact information is enough for scammers to try and elicit more information through targeted attacks.

The e-mail addresses, for example, could be used to send "phishing" messages asking for other sensitive information which could potentially give identity thieves enough to start committing fraud.

Phishing can also be done over the phone, with the caller impersonating someone in authority and tricking a victim into thinking they're talking to a legitimate financial institution's representative.

Send news tips and comments to [email protected]


IDG UK Sites

Where to buy iPhone 6 and iPhone 6 Plus in the UK: Launch day price, deals and contracts

IDG UK Sites

Is Apple losing confidence in itself?

IDG UK Sites

Professional photo and video techniques for perfect colours

IDG UK Sites

How (and where) to buy an iPhone 6 or iPhone 6 Plus in the UK. Plus: What to do if you pre-ordered...