On Wednesday the details of the breach being discovered in early May were revealed by the US bank. The breach was found out after routine monitoring.
Citigroup Inc. is an American multinational financial services company based in New York City. Citigroup was formed from one of the world’s largest mergers in history by combining the banking giant Citicorp and financial conglomerate Travelers Group on April 7, 1998. Citigroup has the world’s largest financial services network, spanning 140 countries with approximately 16,000 offices worldwide.
According to the bank’s statement, about 1% of its cards were affected. Citigroup is one of the Big Four banks in the United States, along with Bank of America, JP Morgan Chase and Wells Fargo.Citi Cards has about 21 million clients in North America.
The breach was found out at Citi Account Online, where such information as customers’ names, account numbers and e-mail addresses is held.
Other information such as social security numbers, card expiration dates and card security codes was not affected.
The bank announced that it had contacted law enforcement officers. At the same time the bank refused to say whether its clients had noticed any suspicious transactions. According to 2005 Regulatory guidelines banks are not supposed to notify their clients about customer data breaches if thus they may compromise the investigation.
The spokesman said: “We are contacting customers whose information was impacted. Citi has implemented enhanced procedures to prevent a recurrence of this type of event”.
Citi reported that the breach affected only credit cards, but according to the Financial Times, that was first to report about the breach, some people said that their debit cards were also compromised.
Hacking attacks into companies have become quite common recently. For example, security systems of Sony and PBS have been violated. But the analysts say that these attacks are usually indirect as bank security systems are considered to be very secure. Such direct attacks like this are very unusual.
Avivah Litan, an analyst, said: ‘For the actual breach to happen at a bank is a very big deal’.