Citigroup hacked, customer data exposed

HONG KONG - Citigroup Inc. said Thursday that hackers accessed the credit card information of North American customers, in an online security breach affecting about 200,000 accounts.

The bank said it recently discovered during routine monitoring that account information for about 1 percent of customers was viewed.

Citi has more than 21 million credit card customers in North America, according to its 2010 annual report. The New York-based bank didn't say exactly how many accounts were breached.

The hackers were able to gain access to Citi's Account Online service to view customer names, their account numbers and contact information including email addresses.

They weren't able to gain access to social security numbers, birth dates, card expiry dates or card security codes.

The Citigroup online security breach comes on the heels of the high profile hacker attacks against multiple Sony Corp. sites. An attack against Sony's PlayStation Network site affected more than 100 million online accounts and forced the site to temporarily shutdown.

Sean Kevelighan, a spokesman for Citi's North America Consumer Banking division, said in an emailed statement that Citi is contacting customers who were affected and is putting in procedures to prevent the security breach happening again.

"For the security of these customers, we are not disclosing further details," he said.

The hacker attack was first reported by the Financial Times.

[kbbpll]

The quote should really be "To avoid embarassing ourselves, we are not disclosing further details".

SQL injection attack perhaps? There's no reason other than embarrassment not to release further details, because hackers know all the tricks already. Perhaps some public humiliation would help convince other companies' security teams to not do the same stupid things as you?

[Socialization]

I may be wrong, but I think these may be the same hackers that Anthony Weiner talked about...

Just a thought.....

[Mikey_Mo]

In this digital online world, the bankers could be the hackers for all we know and with Govt. protection, especially if there losing profits. Geez what perfect crime. Best way to rob a bank is to be one.
Hello People let me invest that for you, ok there we go, OOPS ITS GONE! LOL

[rodwally]

There's nothing in this story to indicate why the dateline is Hong Kong. Citigroup's hq is in New York. This is truly rotten, careless reporting.

[cbsblogger]

Until the corporations that are entrusted to hold our personal data are held financially accountable this is never going to end, and these banks, etc are never going to invest in needed security.

If a law was passed that bank CEOs would be held personally accountable for security breaches you can bet they would then put needed emphasis on OUR data security.

They leak it and then it becomes our problem. It should become very costly to them when this happens and customers should receive thousands for their time and privacy exposure.

[cbsnacilbuper]

After all the money Obama has given them you think they could afford a good firewall.

[Unsilent_Majority]

Hacked? Hmmmm....and just where was Anthony Weiner while all this was going down?

[mask2697]

busy asking tiger woods how he got away with it for so long