Report: Hackers accessed Citigroup customer data

Hackers may have gained access to the personal data of hundreds of thousands of bank card customers.

Steven Musil Night Editor / News

Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.

Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.

See full bio

Steven Musil

June 8, 2011 11:50 p.m. PT

2 min read

Citigroup said today that hackers breached the bank's network and may have gained access to the personal data of hundreds of thousands of bank card customers.

Customer names, account numbers, and contact information, including e-mail addresses, were accessed during the breach, which was discovered in May during routine monitoring. However, no Social Security numbers, birth dates or security codes were accessed, Citi said.

Citi said the breach affected about 1 percent of its 21 million customers.

"We are contacting customers whose information was impacted," Citi spokesperson Sean Kevelighan said in a statement. "Citi has implemented enhanced procedures to prevent a recurrence of this type of event. For the security of these customers, we are not disclosing further details."

The breach, which was first reported by the Financial Times, adds Citi's name to a growing list of companies that has suffered an intrusion in recent months.

RSA, the company sells SecurID tokens that are used by corporations, organizations, and government agencies to allow workers to remotely access a sensitive network securely, announced in March that it was victimized by an "extremely sophisticated cyberattack" in which sensitive data related to the SecurID technology had been pilfered.

In April, Sony warned 77 million customers that their personal information, including names, addresses, e-mail addresses, birthdays, PlayStation Network and Qriocity passwords, and usernames, as well as online user handles, had been obtained illegally by an "unauthorized person" between April 17 and 19. Less than a week later, Sony announced that data of more than 24 million Sony Entertainment Online customers had also been exposed.

Google revealed earlier this month that it had "detected and disrupted" a plan to break into hundreds of Gmail accounts through a series of phishing attacks. The targets of the attacks included top government officials from the U.S. and several Asian countries, along with journalists, political activists, and military personnel.

Updated June 9 at 9 a.m. PT with statement from Citi.