A hacking attack of around 210,000 customers in Citibank accounts happened in May, but a belated alert finally reached customers Wednesday, when Citigroup admitted the breach. The company discovered the breach early last month through routine monitoring, finding that hackers had gained access to Citi's Account Online service. The names, account numbers and contact information including e-mail addresses have been stolen from what equals to 1% of Citibank customers in North America.
According to Citibank, Social Security numbers, birth dates, card expiration dates and the three-digit code remain safe. While this means that the hackers cannot access customer funds, the contact information is enough for scammers to try to elicit more information through targeted attacks, conducting pretty effective phishing expeditions. Using the email addresses, hackers could send phishing messages asking for sensitive information that develop further to identity theft and fraud. Customers can also be tricked through phone calls by callers pretending to be a legitimate financial institution's representative.
The affected Citibank customers should stay alert for scams, phishing and phone calls.
Citibank is not revealing how its online banking service, Citi Account Online, was compromised, and who was responsible for the breach. The website did not have any notification of the breach, but Citigroup is contacting affected customers.
Citibank has contacted law enforcement officials and placed measures to prevent further security breach, but the details will not be disclosed for the security of customers.