The latest hacker attack found its way into the account of about 200,000 Citibank credit card customers in North America. Citigroup Inc. revealed that the account information of about 1 percent of its card holders were stolen. They discovered the problem while conducting a routine monitoring.
However, Citibank said that the hacker was not able to breach the social security numbers, birth dates, card expiry dates, or card security codes. Cyber criminals who gain access to credit card information can empty out accounts and make multiple credit card applications which can affect the account holder’s finances and credit rating.
The hacker attack in Citibank is the latest in a series of high-profile data breach against several firms. Just this month, Google Inc. revealed that personal Gmail accounts of several hundred people, including US government officials, military personnel and political activists have been accessed.
The number of data breaches in the past couple of months sets a “high water mark,” according John Ottoman, CEO of Application Security Inc., a New-York based firm specializing in securing databases. He said that attackers have recognized that most organizations have not discovered how to properly protect their databases.
Data breaches are more often attempts for identity theft, such as what happened to Citi. Using a tactic called “phishing” the hacker will front themselves as legitimate companies making users provide additional information such as social security numbers, e-mail address, or bank passwords.
According to Susan Grant, Director of Consumer Protection at Consumer Federation of America, the limited personal information that the hackers got from Citibank restricts what cyber criminals can do with the data. She said that having their identity stolen from them can be a problem for consumers. Grant believes that it is the job of companies to protect their customers’ data from internal and external abuse.
According to Sean Kevelighan, a spokesman for the Citigroup, the bank is currently coordinating with the affected customers and is improving their procedures to prevent another incident of security breach from happening again. He said that for the safety of he customers, they will no longer divulge further details.
Sophos Senior Security Advisor Chester Wisniewski advised customers not to accept incoming calls from purported financial institutions whether e-mail or phone call. Call using the phone numbers indicated on the card or statement. Likewise, he advised card holders to log in directly on the website when doing online transactions and avoid clicking links.
Want to earn some spare money as a writer for us? Send us an email!