Citigroup latest bank to disclose hack: 200k accounts compromised
Found on Ars Technica on Wednesday, 08 June 2011
The system breached was Citi Account Online, which contains names, addresses, account numbers, and similar information. Citi claimed that more sensitive data-such as dates of birth, social security numbers, and the CVV card security codes-was held elsewhere, and has not been compromised.
The company said that the hacking was detected in early May by routine account monitoring, but offered no information on how the information was taken or by whom it might have been taken. Nor did Citi state whether the information had been used to perform fraudulent transactions.
More interesting than who did this is why the data was stored on Internet-facing servers in the first place. Citi may try to downplay the attack, but the leaked information is still good enough for more coordinated attacks against individuals, like spear-phishing.