Let me sum this up:
Citi Group sucks ass.
Worst credit company I ever used.
Lousy rates, horrible service.
Hack On brothers and sisters.
Citigroup has been forced to reveal that a recent hack of its network exposed the financial data of more than 360,000 customers, a much higher number than the bank originally disclosed.
The company said last week that hackers who breached Citi Account Online on May 10 had acquired the personal information of about 1 percent of its 21 million North America customers, or approximately 210,000 credit card holders. But in a note posted to its website late Wednesday, the company revealed the new number, and said that it had known the number of customers affected was much higher as early as May 24.
The note didn’t indicate why the company hadn’t disclosed the higher number before, but The New York Times reports that the revelation comes after Connecticut’s attorney general and several other state regulators have opened investigations into the breach and begun demanding more information about it.
Citi said the information the hackers viewed included customer names, account numbers and contact information, but that Social Security numbers, birthdates, card expiration dates and security codes (known as CVV) were not accessed by the hackers. The company also said its main card-processing system was not breached in the attack.
The company began to notify customers affected by the breach, and re-issue about 217,000 new cards on June 3, but then waited until June 9 to disclose it to the public. In its note this week, the company listed the number of affected accounts by state. California had the highest number of affected customers at more than 80,000, followed by Texas with 44,000, Illinois, New York and Florida.
Citi said it has implemented “enhanced procedures” to prevent a recurrence of the breach, but didn’t elaborate.
The attack involves typing various strings of data into the address bar of the browser to gain access. The attackers used an automated tool to type in repeated account numbers into the address bar, tens of thousands of times, to access the account data.