Reuters is reporting that Citibank’s systems were hacked, resulting in a loss of Personally Identifiable Information (PII).
Citibank says that data for 1% of their cardholders was accessed through this breach, but customers’ Social Security Numbers (SSNs), birth dates, card expiration dates and CVV codes are safe.
Information that may have been disclosed to the hackers includes customers’ names, account numbers, contact details and email addresses.
According to Citibank’s website they are the world’s largest provider of credit cards, issuing more than 150,000,000 cards globally. Based on these numbers, information for 1,500,000 or more individuals may have been compromised.
In April Paul Gaulant, former head of the bank’s credit card unit, told Reuters, “Security breaches happen, they’re going to continue to happen … the mission of the banking industry is to keep the customer base safe and customers feeling secure about their financial transactions and payments.”
That may be true, but feeling secure is not the same as being secure. How this information was acquired and why it wasn’t protected against theft is a far more important question.
Citi has stated they will notify customers believed to be affected by the breach.
Customers affected by this incident should be on high alert for scams, phishing and phone calls purporting to be from Citibank and their subsidiaries.
While Citi customers aren’t likely to have fraudulent charges against their accounts as a result of this breach, they are likely to encounter social engineering attempts to enable further crime.
Considering that the attackers have your name, account number and other sensitive information they are able to provide a very convincing cover story to victims.
Never accept incoming communications purporting be from financial institutions you do business with, whether by email or phone call. Call them back using only the phone numbers published on your cards or statements. When logging in to perform online transactions, always enter their website address directly in your browser. Never click links.
Update: It has been confirmed that there are approximately 220,000 cardholders affected by this incident as it was limited to just US customers. The number above was based on all Citibank cardholders.