CitiGroup lost approximately 1 percent of its North American customers' credit cards in a recent data breach.  (Source: Clary/Getty Images)
"Security breaches happen, they're going to continue to happen..." -Citigroup executive

CitiGroup, Inc. (C) claims to be the world's largest credit card company with hundreds of millions of credit cards worldwide (21 million customers in North America alone) according to recently filed financial documents.

On Thursday, CitiGroup revealed that its servers containing information on North American customers were hacked.  Approximately 200,000 cardholders, or approximately 1 percent of the company's North American cardholders had some of their information lost.  Customers from other regions were not affected.

The intrusion occurred sometime in early May.  The hackers gained access to the users' customers, account numbers, and contact information, including email addresses.  Other information, such as birth dates, social security numbers, card expiration dates and card security codes (CVV) were not compromised.

Sean Kevelighan, a U.S.-based spokesman for CitiGroup, wrote in a comment to Reuters, "We are contacting customers whose information was impacted. Citi has implemented enhanced procedures to prevent a recurrence of this type of event. For the security of these customers, we are not disclosing further details."

The timing of the breach was ironic, considering that Citigroup global enterprise payments head Paul Galant, in an April interview stated, "Security breaches happen, they're going to continue to happen ... the mission of the banking industry is to keep the customer base safe and customers feeling secure about their financial transactions and payments."

Citi's lost data, including credit card numbers, still pales in comparison to that of Japanese giant Sony Corp. (TYO:9684).  Sony is believed to have lost over 100 million user records and over 10 million user credit cards in a series of breaches [1][2][3][4][5][6].  As of this week, it was still continue to suffer from intrusions of its online properties.

Some experts say CitiGroup, like Sony, may suffer reputation damage for waiting so long to tell users about the breach.  States Dan Simpson, a spokesman for Australia's Consumer Action Law Center, an advocacy group, "It may be the bank's business, but it's the consumer's personal information so consumers deserve to be told about security breaches immediately."

Bank officials say the delay was necessary in order to conduct a proper investigation.  That investigation has still not wrapped up; CitiGroup is still trying to determine the hackers' identities or location.  The company has also declined to reveal how the data breach occurred -- it is unclear whether this has been determined.

In recent months CitiGroup has been in the news for throwing its support behind Google Inc.'s (GOOGwireless near field communications (NFC) cell phone "credit card" scheme

CitiGroup was one of several banks to be "bailed out" by the Bush and Obama administrations during the recent financial crisis.  The bank received $45B USD in direct funding, and $306B USD in coverage of losses from troubled assets.  In return the government received a mere $27B USD in stock -- approximately a third of company.  

Despite losing almost a third of a trillion dollars in the net operation, some say the bailout was worth it, as it ensured the financial safety of CitiGroup's card and investment fund holders.

"We basically took a look at this situation and said, this is bullshit." -- Newegg Chief Legal Officer Lee Cheng's take on patent troll Soverain

Copyright 2017 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki