Citi Bank Breach Affects 200k Customers

A little late, but the interviews have kept me busy.  Citigroup has acknowledged that a computer breach may have given hackers access to hundreds of thousands of bank card customers’ data.  The US bank revealed details of the breach on Wednesday, discovered in early May through routine monitoring.  The breach occurred at Citi Account Online, used by its customers to manage their cards, compromising the names, account numbers and contact information of some 200,000 customers.

The bank did not reveal how the intrusion occurred, but says that it “has implemented enhanced procedures to prevent a recurrence of this type of event”, has contacted law enforcement and tightened its fraud detection procedures.  It remains unclear whether any customers reported suspicious transactions.  Citi Bank is reaching out to customers, warning them about the possibility of being targeted with spear phishing emails and downloading banking Trojans and other malware.

As a result of this and other recent breaches, major US banks are coming under increasing pressure from regulators to improve the security of customer accounts.  While Citigroup insisted the breach had been limited, many are calling it the largest direct attack on a major US financial institution, and say that it could prompt an overhaul of the banking industry’s data security measures.

The Federal Deposit Insurance Corp, the nation’s primary regulator, is preparing new measures on data security.  Its chairman Sheila Bair said on Thursday she may ask “some banks to strengthen their authentication when a customer logs onto online accounts.”