Citigroup hit by second data breach in four months


Citigroup hit by second data breach in four months

Warwick Ashford

Citigroup has confirmed the personal data of over 92,000 customers of Citi Cards Japan (CCJ) has been obtained illegally and sold to a third party in the second breach in the Citigroup fold in the past four months.

Information was allegedly obtained by a supplier and includes account number, name, address, phone numbers, date of birth, gender and date the account was opened. But Citigroup said security information, including personal identification numbers (PINs) and card security codes, was not included and the breach affects CCJ customers only.

Citigroup claimed the risk of fraud is minimal due to the absence of security information. However the bank added that it is monitoring all accounts for suspicious credit card transactions.

CCJ is informing all customers affected by letter and on its website, and has undertaken to re-issue credit cards if requested.

Citigroup has also promised to take "firm action" against parties involved in the information theft, but has given no details of how the customer information was stolen.

In June, the company was forced to re-issue cards to many of the 360,000 Citi Cards customers in the US affected by a breach of Citigroup’s online accounts system in May.

Citigroup Bank investigators found hackers had accessed customer details, including name, account number and contact information. As in the latest breach in Japan, the bank said the data critical to commit fraud, such as the card security code, was not compromised.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy