Citigroup has acknowledged that a security breach last month gave hackers access to the account information of hundreds of thousands of its credit card customers.
The breach, which affected around 1% of Citi's U.S. customers, is the latest in a string of high profile attacks against big companies like Lockheed Martin, Epsilon, Google and Sony.
The issue was detected during routine monitoring in early May but it was only this week that the company began notifying customers. Citigroup did not release any information about the potential source of its breach, claiming they have been in contact with law enforcement but are not disclosing further details.
According to reports, the hackers were able to access general account information such as names, account numbers and email addresses, but the breach did not extend to Social Security numbers, dates of birth and credit card security codes. Neither Citigroup's debit card business nor its online banking operations were breached, apparently.
It's unclear if unauthorized charges have occurred so far, but naturally customers will not be liable for any misuse of their accounts. Affected customers are currently being notified and will receive replacement cards soon.
With hackers actively probing corporate networks for weaknesses, it seems customers are at the mercy of the entities that hold their information to have proper systems in place. The fact that the latest breach involves a bank is a big deal, but it is not the first time it's happened. According to the New York Times, there have been 288 publicly disclosed breaches at financial services companies exposing at least 83 million customer records over the last 6 years.
It isn't even the first time affecting Citigroup. In 2006, the group acknowledged that customer information had been breached through a third-party, and was forced to block PIN-based transactions for customers in Canada, Russia, and the United Kingdom. There were allegations of another breach in 2009 but Citi executives denied those claims.