The security breach affects a number of credit card customers, with names, email addresses and account numbers making up the haul of stolen data. The good news here is that Citibank has confirmed that other data (including dates of birth, PINs and other sensitive information) is stored elsewhere and has not been leaked.
Citibank have released a statement in the wake of the breach:
During routine monitoring, we recently discovered unauthorized access to Citi’s Account Online. A limited number – roughly one percent – of Citi bankcard customers’ account information (such as name, account number and contact information including email address) was viewed.
Any affected Citibank customers will be contacted directly, the firm says:
We are contacting customers whose information was impacted. Citi has implemented enhanced procedures to prevent a recurrence of this type of event. For the security of these customers, we are not disclosing further details.
Speaking on the Sophos Naked Security blog, Christopher Wisniewski warned:
Customers affected by this incident should be on high alert for scams, phishing and phone calls purporting to be from Citibank and their subsidiaries. While Citi customers aren’t likely to have fraudulent charges against their accounts as a result of this breach, they are likely to encounter social engineering attempts to enable further crime. Considering that the attackers have your name, account number and other sensitive information they are able to provide a very convincing cover story to victims.
Do you bank with Citibank? Are these security breaches a bit too frequent now? Sub-par security or overly aggressive hackers? You decide in the comments below!