News

Citigroup acknowledges data security breach

Robert Westervelt, News Director

Citigroup Inc. has publicly acknowledged a breach of its systems that exposed the data of about 200,000 bank card holders in North America.

Citi said the information stolen by hackers include account numbers, email addresses, phone numbers and other sensitive data. Details about the breach are scarce. The Financial Times reported the breach was discovered by the bank in early May.

Citi said the breach was contained. The attackers did not have access to other identifying data such as birth dates, Social Security numbers and card expiration dates. The bank said card security codes (CVV) were not compromised.

"We are contacting customers whose information was impacted. Citi has implemented enhanced procedures to prevent a recurrence of this type of event," Sean Kevelighan, a U.S.-based spokesman, told Reuters by email.

The breach is one in a string of high-profile data breaches that began with the attack

Requires Free Membership to View

on RSA, The Security Division of EMC Corp. That breach exposed information on its SecurID two-factor authentication product.

Several government contactors including L-3 Technologies, Lockheed Martin and Northrup Grumman have announced attacks on their systems. All of the attacks have been contained. RSA confirmed an element of SecurID was used in the Lockheed attack.

A massive breach at Epsilon Data Management LLC, a firm that handles email messaging for large enterprises, including 150 banks, exposed the names and email addresses of tens of thousands of people. Sony has also been bolstering the security of its systems after several successful attacks exposed the personal information on more than 100 million PlayStation Network and Qriocity accounts.