Citigroup says $2.7 mn stolen in May cyber attack

27 Jun 2011

Citigroup acknowledged that last month's cyber attack lead to millions of dollars being stolen from customers' credit card accounts.

The New York-based US banking giant told CNN that about $2.7 million was stolen from about 3,400 accounts in the 10 May cyber attack that breached its online account system.

Citigroup said last month that the breach affected about 1 per cent of its 21 million customers, or about 210,000 customers. The bank later raised the number to 360,083.

The bank said that customers would not be responsible from financial losses stemming from the attacks. ''Customers are not liable for any fraud on the accounts and are 100 per cent protected,'' the bank said.

Citigroup announced on 15 June that its Citi-branded credit card accounts were hacked and the breach was discovered as part of routine monitoring and immediately rectified. While Citi Cards' Account Online system was compromised, the main cards processing system and other Citi consumer banking online systems were not.

The customers' account information such as name, account number and contact information, including email address was viewed. However, data that is critical to commit fraud was not compromised like the customers' social security number, date of birth, card expiration date and card security code.

While the investigation was underway, Citigroup began to notify customers and replace affected customers' credit cards. Notification letters were sent from 3 June, the majority of which included reissued credit cards.

The hacking is the latest in a series of embarrassing attacks on US companies and organisations. Hackers have so far attacked the International Monetary Fund, Lockheed Martin Corp, Google, Michaels Stores and even the US Senate.