Citibank confirms hacking attack

Citi logo
Image caption The bank is under fire for not telling customers about the May breach

Hackers have stolen data from thousands of Citibank customers in the US, the bank has confirmed.

The breach exposed the names of customers, account numbers and contact information.

But other key data, such as date of birth and card security codes were not compromised, the bank said in a statement.

Citigroup is the latest in a string of high profile companies to be targeted by cyber criminals.

It has been criticised for not telling customers about the breach when it happened in May.

"We are contacting customers whose information was impacted. Citi has implemented enhanced procedures to prevent a recurrence of this type of event," a Citi spokesman said in a statement to the Reuters news agency.

High alert

Around 1% of the bank's 21m account holders were affected - around 210,000 individuals.

The statement did not detail how the breach had occurred.

Security experts said the thieves may try to get hold of more information from those targeted.

"While Citi customers aren't likely to have fraudulent charges against their accounts as a result of this breach, they are likely to encounter social engineering attempts to enable further crime," blogged Chester Wisniewski, a consultant for security firm Sophos.

"Customers affected by this incident should be on high alert for scams, phishing and phone calls purporting to be from Citibank and their subsidiaries," he added.

Citigroup in the latest firm to be hacked in recent weeks. Japanese electronics group Sony is still recovering from the theft of millions of pieces of data from its network.

While security firm RSA has offered to replace the 40 million secure tokens used by people to log into banks after it emerged that key data that operates them had been stolen in March.

More on this story