Citigroup hacked, 200,000 accounts compromised

On Thursday Citigroup announced that hackers had breached its systems in May and accessed personal data from 200,000 accounts, about 1% of its customers. The hackers managed to steal customer email addresses, contact information and account numbers, but Reuters reported that other information such as birth dates, Social Security Numbers and credit card expiration dates was not accessed. “We are contacting customers whose information was impacted. Citi has implemented enhanced procedures to prevent a recurrence of this type of event,” Citigroup spokesperson Sean Kevelighan said. “For the security of these customers, we are not disclosing further details.” It is currently unclear who was responsible for the breach.

23 Comments
  • Anonymous

    Did Citi also sue Geohot? did I miss something?

    • http://identi.ca/LauRoman Laurențiu Roman

      Banks and other financial institutions were already being hacked, not necessarily by Anonymous or LulzSec, it’s just now that more people are paying attention. They didn’t advertise it before just to appear more secure than competitors. That plus the fact that they are trying to blame it on such groups without investigation and without investment in security. An investment which they never did in the first place because it’s cheaper for them to deal with it after the fact rather than prevent it altogether.

      I really am not sympathetic to corporations like these that take the cheapest way possible and then create a shell company that will inherit all the liability and go bankrupt as soon as a litigation is filed against it.

      • 35YearsInSecurity

        … without investment in security? nonsense. there is no financial company out there today that is not making a major investment in security. Ever heard of PCI requirements?

        … it’s cheaper for them to deal with it after the fact  … more nonsense. no it isn’t. Are you aware of the stiff penalties imposed on companies that suffer a breach of personally identifiable information? It’s on a “per record” basis. 

        High profile companies suffer hundreds and thousands of hack and penetration attempts daily. A few succeed.  

        Nice try, but you can’t blame everything on the financial companies and half-baked conspiracy theories …

    • Anonymous

      They sent him too much junkmail.

  • http://www.droiddoes.com/ iNorm

    One could argue this is a play by the government to justify more authority over the Internet and to limit freedoms of everyone.

    • http://twitter.com/livingbasehead Shelton

      Wow, norm finally not saying something about how this is Steve Jobs’ fault… weird.

  • Anonymous

    Banks really need to have this kind of data secured better. Hell, many online banks don’t allow a case sensitive password. It’s only a matter of time. 

    • sirpaul

      Many online banks? Care to give us all an example? I’m pretty sure all passwords nowadays are case-sensitive, especially that of a bank.

      • Anonymous

        Giving out examples would be a bad idea. If you don’t already know what banks don’t support case sensitive passwords (and ones longer than 12 characters), I’m not going to be the one screwing people over by putting that info out there. 

        Let’s just say that these banks are aware that they’ve presented a security threat, and haven’t done anything about it yet. 

      • sirpaul

        lol, like whether or not a bank employs case sensitive password auth. is top secret information…frankly, I don’t believe such a bank exists. And even if you did tell me, who cares…these hackers didn’t do a dictionary attack on 200k people…they hacked the website. That has nothing to do with passwords.

      • Guest

        I can give you an example. My account is with citibank and my password is 6-digit all lower case.

    • BZ

      @sirpaul yeah well you’re wrong. I use Bank of America and their passwords are not case sensitive.

      • Vml

        I use Bank of America too (at least their credit cards) and their passwords are case sensitive.

      • 35YearsInSecurity

        … and they use a simple form of two-factor identification (what you have = password, and what you know = verify the picture that you’ve selected.)

  • Anonymous

    I’m so glad I don’t bank with Shitigroup, anymore!

    • Life

      I’m sure that you never had a bank account anywhere….

  • Anonymous

    Uggg this blows, I use Citibank for all my banking, pay a lot of bills online and have a CC with them.  Guess I will be keeping an eye out for that email.

  • Anonymous

    This is the future. With everyone’s personal data online in many databases (bank, paypal, iTunes, Sony, credit card, etc…) hackers are going to try and get at that info. Every once in a while they will be successful and people will get screwed. It’s scary times we live in when our lives can be turned upside down because a geek in his mother’s basement wants to make a name for themselves (even though it’s an alias).

    • 35YearsInSecurity

      um, today it’s more likely an attack from “organized crime,” than a pimply kid in his (or her) basement. 

  • Anonymous

    I missed the eternal memo, when did the hackathon officially commence? Seems kind of weird that all of a sudden the whole planet is being hacked.

    • Guest

      The memo that will last throughout the ages!

  • Anonymous

    Ouch, looks like Citi got too comfortable in not hiring talented IT staff.

  • 35YearsInSecurity

    And Citi has re-issued Credit Cards with new account numbers to all customers impacted by this breach (like me). They also provided information on credit monitoring, setting a fraud alert, and how to get a free credit report.
