6/9/2011
10:33 AM

Citibank Hacked, Some 200,000 Credit Card Numbers Exposed

Citi's North America Account Online system breached

The breach goes on: Citibank today became the latest in a string of high-profile businesses in the past few weeks to report it had been hacked, with some of its customers' personal information exposed.

A Citibank spokesperson says that early last month the company discovered that its Citi North America Account Online system, which contains information on all of its North American customers, had been infiltrated.

"During routine monitoring, we recently discovered unauthorized access to Citi’s Account Online. A limited number -- roughly one percent -- of Citi North America bankcard customers’ account information (such as name, account number and contact information including email address) was viewed. The customer’s social security number, date of birth, card expiration date and card security code (CVV) were not compromised. We are contacting customers whose information was impacted. Citi has implemented enhanced procedures to prevent a recurrence of this type of event. For the security of these customers, we are not disclosing further details," the spokesperson said in an email response.

Citi has some 21 million cardholders in North America, which would mean that 200,000 or so were compromised based on its estimate of 1 percent. The bank is contacting those account holders, and would not elaborate on what security measures it had taken or how the attackers got inside.

Given that no CVV codes, expiration dates, birth dates, or social security numbers were exposed, that's good news as far as the initial fraud possibilities go. But phishing and social engineering attacks against the affected Citi customers are the biggest threats, experts say.

Sophos analyst Chester Wisniewski warns that Citi customers whose accounts were breached should be on the lookout for these types of scams. "Considering that the attackers have your name, account number and other sensitive information, they are able to provide a very convincing cover story to victims," he said in a blog post today. "Never accept incoming communications purporting to be from financial institutions you do business with, whether by email or phone call. Call them back using only the phone numbers published on your cards or statements. When logging in to perform online transactions, always enter their website address directly in your browser. Never click links."


Kelly Jackson Higgins is Senior Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, ...
