Citi says hackers access bank card data

Powered by SC Magazine
 

In "early May".

Citigroup said computer hackers breached the bank's network and accessed the data of about 200,000 bank card holders in North America, the latest of a string of cyber attacks on high-profile companies.

Citi said the names of customers, account numbers and contact information, including email addresses, were viewed in the breach, which the Financial Times said was discovered by the bank in early May.

However, Citi said other information such as birth dates, social security numbers, card expiration dates and card security codes (CVV) were not compromised.

"We are contacting customers whose information was impacted. Citi has implemented enhanced procedures to prevent a recurrence of this type of event," Sean Kevelighan, a US-based spokesman, said by email.

"For the security of these customers, we are not disclosing further details."

In the brief email statement, Citi did not say how the breach had occurred.

Another Citi spokesman, James Griffiths in Hong Kong, said the breach had affected 1 percent of North American card customers, which the bank's annual report says total 21 million.

But like Japanese electronics and entertainment group Sony, which has declared several security breaches of its networks this year, Citi could come under fire for not telling customers sooner.

"It may be the bank's business, but it's the consumer's personal information so consumers deserve to be told about security breaches immediately," said Dan Simpson, a spokesman for Australia's Consumer Action Law Centre, an advocacy group.

"It's hard to see any reason why this sort of breach couldn't have been disclosed much sooner."

 

Citigroup joins a growing list of companies that have suffered cyber attacks.

Data storage firm EMC Ltd this week offered to replace millions of electronic keys after hackers used data from its RSA security division to break into the network of arms supplier and information technology provider Lockheed Martin.

Sony has reported several attacks, including one in which hackers accessed the personal information on 77 million PlayStation Network and Qriocity accounts.

Sony was criticised for a delay in telling account holders that their information had been stolen by hackers.

Google last week revealed a major attack on its Gmail accounts targeting, among others, senior US government officials that it said appeared to originate in China.

Washington has scrambled to assess if security had been compromised by the raid on Google's Gmail system, reflecting increasing concerns among global policymakers about cyber security.

Citi said it had discovered the unauthorized access at Citi Account Online, an online banking service, through routine monitoring.

"It's definitely a serious security breach when that amount of data's been stolen from a bank," said Sydney-based Ty Miller, chief technology officer of Pure Hacking, a network security company.

Citigroup global enterprise payments head Paul Galant, who previously ran the bank's credit card unit, said in April that security breaches are a fact of life for financial institutions.

"Security breaches happen, they're going to continue to happen ... the mission of the banking industry is to keep the customer base safe and customers feeling secure about their financial transactions and payments," he told Reuters in an interview.

(Additional reporting by Abhishek Takle and Renju Jose in Bangalore and Sonali Paul in Melbourne; Editing by Vinu Pilakkott and Neil Fullick)


Citi says hackers access bank card data
 
 
 
Top Stories
Meet FABACUS, Westpac's first computer
GE225 operators celebrate gold anniversary.
 
NSW Govt gets ready to throw out the floppy disks
[Opinion] Dominic Perrottet says its time for government to catch up.
 
iiNet facing new copyright battle with Hollywood
Fighting to protect customer details.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  25%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  22%
 
End user computing (desktops, mobiles, apps)
  15%
 
Software development
  26%
TOTAL VOTES: 329

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  57%
 
No
  43%
TOTAL VOTES: 136

Vote