Over 200,000 Citi credit card customers will get brand new cards in the mail this month, but not because their old cards expired. In statements to Reuters and to the Wall Street Journal, an unnamed Citi spokesperson confirmed that about 1 percent of the bank's credit card accounts had been compromised after a hacking attack in May.
The spokesperson revealed that hackers obtained names, email addresses and account numbers from compromised servers. However, the hackers failed to gain deeper access to cardholders' personal information.
Citi's fraud protection measures
According to the Citi spokesperson, the bank has already implemented its standard fraud detection and prevention measures to protect affected cardholders. Citi will expedite the delivery of tens of thousands of replacement cards to accountholders who have experienced fraudulent purchases or who request card replacement under the terms of their cardholder agreements.
According to software security firm Sophos, cyber criminals prefer to use hacked accounts as the foundation for broader identity theft attempts. Credit card numbers without expiration dates or embedded security codes offer little value to criminals, especially when fraud prevention teams can quickly deactivate hijacked accounts.
However, "phishers" with access to account numbers and key personal details can craft effective social engineering messages that fool victims into revealing account passwords, Social Security numbers, and other sensitive information.
Citi defends timing
A BBC news report noted that the bank had received criticism for waiting to inform customers of the security breach. The Citi spokesperson told the Wall Street Journal that it had discovered the hacking incident during a routine security monitoring program, and that the bank would decline to release further details.
The spokesperson added that Citi has already implemented enhanced security measures to prevent the same issue from recurring.