It is being reported that hackers have stolen the details of thousands of Citibank customers including their account details and personal information. As it turns out, this isn’t actually today’s news. This major security breach, resulting in the theft of personal information for nearly 200,000 Citibank customers, was actually stolen last month. You hadn’t heard? Neither have we, and that’s because Citibank chose to keep quiet about it until today.
Reuters is reporting that Citibank's systems were hacked, resulting in a loss of Personally Identifiable Information (PII). Citibank says that data for 1% of their cardholders was accessed through this breach, but customers' Social Security Numbers (SSNs), birth dates, card expiration dates and CVV codes are safe. Information that may have been disclosed to the hackers includes customers' names, account numbers, contact details and email addresses.
According to Citibank's website they are the world's largest provider of credit cards, issuing more than 150,000,000 cards globally, but since the breach was reported localized to North American customer data, only about 200,000 accounts were affected. I say “only” lightly, because this could have much, much worse if it weren’t localized to North American customers.
Customers affected by this incident should be on high alert for scams, phishing and phone calls purporting to be from Citibank and their subsidiaries. While Citi customers aren't likely to have fraudulent charges against their accounts as a result of this breach, they are likely to encounter social engineering attempts to enable further crime. Considering that the attackers have your name, account number and other sensitive information they are able to provide a very convincing cover story to victims.
For Citibank customers (and the rest of us alike), there are some things you should keep an eye out for. Never accept incoming communications purporting be from financial institutions you do business with, whether by email or phone call. Call them back using only the phone numbers published on your cards or statements. When logging in to perform online transactions, always enter their website address directly in your browser, never click links or shortcuts.
Citybank is just the latest company to be hit by hackers. The most high profile was electronics and gaming giant Sony, where the details of millions of customers were stolen. It is getting uglier out there, and there is no time like right now to get your personal security house in order, though in the case of both the Citibank and Sony attacks, it wouldn't have made a whole lot of difference.