Citigroup Hit Again by Security Breach

By Chris Preimesberger  |  Posted 2011-08-05 Print this article Print

The company's Japanese credit card unit reported in a message to its user base that personal information of about 92,400 customers "has allegedly been obtained and sold to a third party illegally."

Multinational financial service provider Citigroup appears to be snake-bitten by security problems, and not just through Web hacking.

Eight weeks after a hacker cracked its credit card database, the company's credit card unit in Japan, Citi Card, reported in a message to its user base Aug. 5 that "certain personal information of about 92,400 customers has allegedly been obtained and sold to a third party illegally."

This breach, however, apparently did not involve online hacking. Citigroup told police that a person involved in a company to which Citi Cards outsourced part of its business had illicitly obtained the information and sold it to a third party. 

Information made vulnerable includes account numbers, names, addresses, phone numbers, dates of birth, gender and the date the account was opened. Citi revealed that personal identification numbers and security codes (CVV, or Card Verification Value, data) were not compromised.

Despite the data theft, no unauthorized use of the cards had been reported by the end of business on Aug. 5, the Kyodo News reported. 

On June 15, Citigroup reported in a letter to customers that 360,083 credit card accounts were accessed as a result of an online data breach. Citigroup originally reported June 9 that "roughly 1 percent" of its 21 million credit card accounts had been accessed by hackers, or about 210,000 accounts.

As a result of that attack, Citi disclosed that hackers stole $2.7 million from about 3,400 customers in North America in May following a major data breach. Citi was criticized for not reporting the breach sooner.

eWEEK Senior Writer Fahmida Rashid contributed to this story.


Chris Preimesberger Chris Preimesberger was named Editor-in-Chief of Features & Analysis at eWEEK in November 2011. Previously he served eWEEK as Senior Writer, covering a range of IT sectors that include data center systems, cloud computing, storage, virtualization, green IT, e-discovery and IT governance. His blog, Storage Station, is considered a go-to information source. Chris won a national Folio Award for magazine writing in November 2011 for a cover story on and CEO-founder Marc Benioff, and he has served as a judge for the SIIA Codie Awards since 2005. In previous IT journalism, Chris was a founding editor of both IT Manager's Journal and and was managing editor of Software Development magazine. His diverse resume also includes: sportswriter for the Los Angeles Daily News, covering NCAA and NBA basketball, television critic for the Palo Alto Times Tribune, and Sports Information Director at Stanford University. He has served as a correspondent for The Associated Press, covering Stanford and NCAA tournament basketball, since 1983. He has covered a number of major events, including the 1984 Democratic National Convention, a Presidential press conference at the White House in 1993, the Emmy Awards (three times), two Rose Bowls, the Fiesta Bowl, several NCAA men's and women's basketball tournaments, a Formula One Grand Prix auto race, a heavyweight boxing championship bout (Ali vs. Spinks, 1978), and the 1985 Super Bowl. A 1975 graduate of Pepperdine University in Malibu, Calif., Chris has won more than a dozen regional and national awards for his work. He and his wife, Rebecca, have four children and reside in Redwood City, Calif.Follow on Twitter: editingwhiz

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel