Citigroup hacked: What to do if your account was compromised

What cardholders should do

For individuals, the largest risk is “spear phishing” by the criminals who stole the information. Once they have an individual’s e-mail address, plus a name, they can send a letter that almost sounds like it came from a financial institution.

Poneomon says the typical letter, written on the letterhead of the financial institution, will ask for passwords, PIN numbers, and other sensitive data which would normally not be given to anyone. “These are high probability attacks,” he says, “that lead to a set of information that can be monetized.”

In Citi’s case, the bank says it will send out notification letters to people who have had their accounts compromised. The bank does not normally notify people by e-mail.

“If you get an e-mail from Citi, assume it’s a fake,” says Poneomon.

Fortunately, the customers’ Social Security numbers, dates of birth, card expiration data, and card security codes were not part of the theft.

Call Citi for 'peace of mind'

Nonetheless, credit card expert Bill Hardekopf of LowCards.com says if someone wants “peace of mind” they might call Citi to ask if their card was compromised.

“Candidly, if your account was not affected, you don’t have anything else to do,” he says. “If your account was not hacked, you don’t need to push the panic button.”

On an ongoing basis, Mr. Hardekopf suggests changing passwords on a regular basis, monitoring debit and credit-card activity, and not e-mailing confidential information such as your mother’s maiden name, your birthdate, and your pet’s name.

Attacks from afar

Although the data breaches are taking place so often, many of the hackers elude the criminal justice system. That’s because they can be operating anywhere in the globe from Eastern Europe to China to Vietnam.

“The odds are good they are somewhere far away,” says Poneomon.

As for Citi, it says it has enhanced security so the problem does not happen again.

Previous

1 | 2