International Citibank Customers Shaken By Data Breach - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Business & Finance

International Citibank Customers Shaken By Data Breach

Bank halts PIN-based transactions in three countries after customer data is compromised at a third-party company.

Citibank, the consumer and corporate banking arm of Citigroup Inc., confirmed Wednesday that the bank and its customers were the victims of a third-party company information breach that has forced the bank to block PIN-based transactions for customers in Canada, Russia, and the U.K.

The bank did not disclose when the breach occurred. Once alerted to the breach, the company "began enhanced monitoring of the affected accounts for fraud" and in mid-February detected several hundred fraudulent cash withdrawals in the three countries, the company said in a statement. Citibank proceeded to block all transactions in those countries that rely on PIN authentication.

"We are in the process of contacting affected customers individually and issuing new cards," the company's statement said. "We can provide new cards to customers affected by this third-party breach anywhere in the world they may be traveling."

Citibank wouldn't name the third-party business whose systems were breached. The bank also didn't specify how or when its affected customers were notified that they could no longer make PIN-based transactions. Some Citibank customers have used blogs to relate their experiences dealing with the bank. One Canadian, through a blog entry dated March 5th, noted that he found out about the problem after an ATM transaction was denied, rather than through official notification from his bank.

This isn't Citigroup's first brush with data insecurity. In June, the bank revealed that a box of unencrypted tapes containing information on 3.9 million customers was lost in transit. Citigroup shipped the box May 2nd via UPS Inc., but it never arrived at its destination, an Experian credit bureau in Texas. The tapes contained names, Social Security numbers, account numbers, and payment histories of CitiFinancial customers.

Citigroup is by no means alone in its inability to protect customer data. In fact, the list is extensive and growing. Ameriprise Financial in January revealed that unencrypted data, including Social Security numbers of 226,000 customers and employees, was stolen from a laptop. Some H&R Block customers rang in the New Year by finding out that their Social Security numbers were included in the tracking number used to mail them packages containing the company's TaxCut software. Kaiser Permanente last year was fined $200,000 for a data breach that affected 150 customers.

These highly publicized embarrassments are beginning to have some affect on how companies handle customer data. In February, Citigroup, Bank of America Corp., Bank of New York Co., J.P. Morgan Chase & Co., U.S. Bancorp, and Wells Fargo & Co., plus major auditors and service providers, released a common methodology that financial services companies could use to assess service provider security. BITS, a consortium backed by the financial services industry, developed the methodology after studying service providers including Acxiom, First Data, IBM, Viewpointe Archive Services, and Yodlee. The goal is to give service providers consistent demands and make them live up to them. Banks are cooperating because they know the alternative: fines, lawsuits, and a tarnished image that can't be easily fixed.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
2021 State of ITOps and SecOps Report
2021 State of ITOps and SecOps Report
This new report from InformationWeek explores what we've learned over the past year, critical trends around ITOps and SecOps, and where leaders are focusing their time and efforts to support a growing digital economy. Download it today!
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

10 Things Your Artificial Intelligence Initiative Needs to Succeed
Lisa Morgan, Freelance Writer,  4/20/2021
Tech Spending Climbs as Digital Business Initiatives Grow
Jessica Davis, Senior Editor, Enterprise Apps,  4/22/2021
Optimizing the CIO and CFO Relationship
Mary E. Shacklett, Technology commentator and President of Transworld Data,  4/13/2021
Register for InformationWeek Newsletters
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll