Data Theft: Citi Hack Affects its Customers
- Citi has recently had to face the theft to some 200,000 North American customer data (about 1% out of 21 million customers). The bank confirmed that a breach on its online banking service had been exploited in May, allowing data compromising: names, account numbers and e-mails were stolen.
- Citi explains that the dates of birth, social security numbers and confidential codes were not affected as they were stored elsewhere. Its customers have been informed of this incident. If the information reported by the New York Times is correct, the customers’ account numbers were displayed in clear in the URL bar.
- Customers who had their account compromised will receive new bank cards; measures were taken to prevent potential embezzlements (fraud detection tools and prevention measures). According to Sophos, fraudsters could take advantage of this information in large scale identity usurpation campaigns. As the compromised accounts have been identified, embezzlements are very unlikely.
- This case reminds us of former affairs: the case of the US processor Heartland Payment Systems which was settled in 2010, but also the issues raised by even older cases (TJX Companies and CardSystems Solutions).
See May 2010 Watch