Hackers nab card data from 200,000 Citi customers (Update 2)

Jun 09, 2011 By PALLAVI GOGOI and KELVIN CHAN , AP Business Writers
The Citibank logo is shown on a branch office in this April 11, 2007 file photo taken in New York. Citigroup Inc. said Thursday June 9, 2011 that hackers have accessed the credit card information of tens of thousands of its North American customers. The New York-based bank didn't say exactly how many accounts were breached. (AP Photo/Mark Lennihan, File)

Citigroup Inc. has become the latest victim in a string of high-profile data thefts by hackers targeting some of the world's best-known companies.

The New York bank said Thursday that about 200,000 Citibank credit card customers in North America had their names, account numbers and email addresses stolen by hackers who broke into Citi's online account site.

The breach comes after data attacks in recent weeks have struck at companies including Internet search leader Google Inc., defense contractor Lockheed Martin Corp, and media and electronics company Sony Corp.

Citigroup said it discovered that account information for about 1 percent of its credit card customers had been viewed by hackers. Citi has more than 21 million credit card customers in North America, according to its 2010 annual report. The bank, which discovered the problem during routine monitoring, didn't say exactly how many accounts were breached. Citi said it was contacting those customers.

The bank said hackers weren't able to gain access to social security numbers, birth dates, card expiration dates or card security codes. That kind of information often leads to identity theft, where cyber criminals empty out bank accounts and apply for multiple credit cards. That can debilitate the finances and credit of victims. Citi customers could still be vulnerable other problems. Details about their bank accounts and financial information linked to them could be acquired using the email information and account numbers hackers stole.

Federal regulators have taken notice and are asking banks to improve security.

"Both banks and regulators must remain vigilant," said Sheila Bair, chair of the Federal Deposit Insurance Corporation. She said federal agencies, including the FDIC, are developing new rules to push banks to enhance online account access.

The Citi incident is only the latest data breach at a major company.

--On June 1, Google said that the personal Gmail accounts of several hundred people, including senior U.S. government officials, military personnel and political activists, had been breached.

--On May 30, broadcaster PBS confirmed that hackers cracked the network's website and posted a phony story claiming dead rapper Tupac Shakur was alive in New Zealand.

--On May 28, Lockheed Martin said it had detected a "significant and tenacious attack" against its computer networks. The company said it took swift and deliberate actions to protect the network and the systems remain secure.

--In April, Sony's PlayStation Network was shut down in April after a massive security breach that affected more than 100 million online accounts.

--Also in April, hackers penetrated a network operated by a data marketing firm Epsilon. The company handles email communications for companies like Best Buy Co. and Target Corp.

The number of data breaches in the last two months sets a "high water mark," said John Ottman, CEO of Application Security Inc., a New York-based firm that specializes in securing databases, the big repositories companies use to organize account information and other data.

"Attackers have realized that most organizations have not properly protected databases," Ottman said.

Cyber attackers have a variety of less-dangerous motivations, from mischief to online activism. For example, a group identifying itself as LulzSec claimed credit for the fake PBS article calling it retaliation for a documentary about WikiLeaks, the website that publishes classified documents.

But often such data breaches are an attempt to steal personal data, which is likely the case with Citi. Hackers also will pose as legitimate companies in a tactic known as "phishing," where they try to get users to supply additional information like social security numbers and email or bank passwords to get access to their financial information.

The fact that the Citi hackers only got a few pieces of personal data on customers may limit what crooks can do with the information, said Susan Grant, director of consumer protection at Consumer Federation of America, a consumer advocacy group.

"But any ID theft is worrisome for consumers," Grant said. She believes companies are responsible for protecting their customers' information from internal and external abuse.

In an emailed statement, Sean Kevelighan, a spokesman for Citi said the bank is contacting affected customers and enhancing procedures to prevent a similar security breach from happening again.

"For the security of these customers, we are not disclosing further details," he said.

Explore further: Twitter tries to block images of Foley killing

5 /5 (1 vote)
add to favorites email to friend print save as pdf

Related Stories

US banks, companies issue warning after email hack

Apr 04, 2011

Computer hackers gained access to the email addresses of customers of several large US banks and other companies in a potentially huge data breach at US online marketing firm Epsilon. ...

Citigroup says iPhone banking app stored data

Jul 26, 2010

(AP) -- Citigroup Inc. said Monday that its iPhone banking program has been saving customer account information in hidden files on users' smart phones and computers.

Sony says 25 million more accounts hacked

May 03, 2011

Sony Corp. said Monday that hackers may have taken personal information from an additional 24.6 million user accounts after a review of the recent PlayStation Network breach found an intrusion at a division that makes multiplayer ...

Hacked iTunes accounts for sale online in China

Jan 06, 2011

Hacked user accounts for Apple's iTunes Store are for sale on China's largest retail website Taobao, providing illegal access to credit card details for music and TV downloads, state media said Thursday.

Recommended for you

Twitter tries to block images of Foley killing

6 hours ago

Twitter and some other social media outlets are trying to block the spread of gruesome images of the beheading of journalist James Foley by Islamic State militants, while a movement to deny his killers publicity ...

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

Sanescience
not rated yet Jun 09, 2011
Wonder if the uptick in attacks is related to new hardware manufacturing of net hub/switches that will close some of the security issues.

A kind of use it now before you loose it.