The company's Japanese credit card unit reported in a message to its user base that personal information of about 92,400 customers "has allegedly been obtained and sold to a third party illegally."
service provider Citigroup appears to be snake-bitten by security problems, and not just through Web hacking.
Eight weeks after a hacker cracked its credit card database, the company's credit card unit in Japan, Citi Card, reported in a message to its user base Aug. 5 that "certain personal information of about 92,400 customers has allegedly been obtained and sold to a third party illegally."
This breach, however, apparently did not involve online hacking. Citigroup told police that a person involved in a company to which Citi Cards outsourced part of its business had illicitly obtained the information and sold it to a third party.
Information made vulnerable includes account numbers, names, addresses, phone numbers, dates of birth, gender and the date the account was opened. Citi revealed that personal identification numbers and security codes (CVV, or Card Verification Value, data) were not compromised.
Despite the data theft, no unauthorized use of the cards had been reported by the end of business on Aug. 5, the Kyodo News reported.
On June 15, Citigroup reported in a letter to customers that 360,083 credit card accounts were accessed as a result of an online data breach. Citigroup originally reported June 9 that "roughly 1 percent" of its 21 million credit card accounts had been accessed by hackers, or about 210,000 accounts.
As a result of that attack, Citi disclosed that hackers stole $2.7 million from about 3,400 customers in North America in May following a major data breach. Citi was criticized for not reporting the breach sooner.
eWEEK Senior Writer Fahmida Rashid contributed to this story.