Citigroup hacked: What to do if your account was compromised
Some 200,000 of Citigroup's bankcard customers had their accounts hacked. Most won't be responsible for fraudulent purchases, but cardholders should still take precautions.
(Page 2 of 2)
Probably, one of the most expensive breaches was the 2005 data break-in at TJX Corporation, the parent of T.J. Maxx, the discount retailer. Cyberthieves stole 46.5 records, including a lot of credit card information. The company says the theft cost it about $160 million through its fourth quarter.Skip to next paragraph
Subscribe Today to the Monitor
What cardholders should do
For individuals, the largest risk is “spear phishing” by the criminals who stole the information. Once they have an individual’s e-mail address, plus a name, they can send a letter that almost sounds like it came from a financial institution.
Poneomon says the typical letter, written on the letterhead of the financial institution, will ask for passwords, PIN numbers, and other sensitive data which would normally not be given to anyone. “These are high probability attacks,” he says, “that lead to a set of information that can be monetized.”
In Citi’s case, the bank says it will send out notification letters to people who have had their accounts compromised. The bank does not normally notify people by e-mail.
“If you get an e-mail from Citi, assume it’s a fake,” says Poneomon.
Fortunately, the customers’ Social Security numbers, dates of birth, card expiration data, and card security codes were not part of the theft.
Call Citi for 'peace of mind'
“Candidly, if your account was not affected, you don’t have anything else to do,” he says. “If your account was not hacked, you don’t need to push the panic button.”
On an ongoing basis, Mr. Hardekopf suggests changing passwords on a regular basis, monitoring debit and credit-card activity, and not e-mailing confidential information such as your mother’s maiden name, your birthdate, and your pet’s name.
Attacks from afar
Although the data breaches are taking place so often, many of the hackers elude the criminal justice system. That’s because they can be operating anywhere in the globe from Eastern Europe to China to Vietnam.
“The odds are good they are somewhere far away,” says Poneomon.
As for Citi, it says it has enhanced security so the problem does not happen again.