Skip to: Content
Skip to: Site Navigation
Skip to: Search


Citigroup hacked: What to do if your account was compromised

Some 200,000 of Citigroup's bankcard customers had their accounts hacked. Most won't be responsible for fraudulent purchases, but cardholders should still take precautions.

By Ron SchererStaff writer / June 9, 2011

The Citibank logo is shown on a branch office in this April 11, 2007, file photo taken in New York. Citigroup Inc. said Thursday that hackers have accessed the credit card information of tens of thousands of its North American customers.

Mark Lennihan/AP/File

Enlarge

New York

Almost everyone has received US mail that comes in with a bank’s return address on the left-hand corner.

Skip to next paragraph

You might not want to throw it all in the trash, particularly if you have a Citigroup issued credit card.

The big bank says it is in the process of notifying more than 200,000 of its bankcard customers – some 1 percent of its total cardholders – who had their accounts hacked, probably in early May when the bank discovered someone was accessing names, account numbers, and contact information, including e-mail addresses.

The majority of its customers will receive new credit cards and are not responsible for any fraudulent purchases, says Citigroup spokesman Sean Kevelighan.

The data breach is the latest in a recent series of major intrusions into the computers of companies such as Sony, bulk mailer Epsilon, and RSA, which provides SecureID tokens for Internet security. Security experts say the intrusions show that the hackers are getting more sophisticated and harder to immediately detect since many of the companies had fairly sophisticated systems.

“I am afraid they are going to be more successful in the short term in seizing assets and information and disrupting business,” says Larry Poneomon, head of the Poneomon Institute in Traverse City, Mich. “It is a fait accompli.”

In an annual study, sponsored by Symantec, a computer security company, the Institute found the cost of computer intrusions was $214 per compromised record. If the breach included information such as lost Social Security numbers or personal identification numbers, it cost $353 per record.

Permissions

Read Comments

View reader comments | Comment on this story