What was taken? Information taken from Citi’s servers included customer names, account numbers and contact information such as e-mail address. Hackers did not get access to information such as birth dates, Social Security numbers, card expiration dates and card security codes, the company has said.
How much was taken? Citigroup has said that 1 percent of its 21 million credit card customers — about 200,000 accounts — were affected by the breach.
The Atlantic reported that many more may have been hit by the breach however, as debit card customers have also reported being affected. The Financial Times reported that several customers found out their accounts were affected when they tried to use their cards and were declined.
Citi spokesman Sean Kevslighan said the company is not disclosing further details about the attack out of concern for customer security.
When did this happen? According to a Reuters report, Citi discovered the breach about a month ago, in early May.
It’s not clear why Citigroup didn’t tell its customers about the breach sooner. Not having that information could have made some customers vulnerable to phishing scams. Companies such as Sony have been harshly criticized for not immediately sharing that customer information had been stolen, and Citi’s reticence may backfire.
How is Citi responding? Citi is contacting customers affected by the breach, reports say, and has contacted law enforcement officials about the attack. The company said it is also taking measure to prevent future attacks.
Is there anything I can do to protect myself? There’s really nothing to do but be vigilant. If you have a Citigroup account, be on the lookout for suspicious messages asking for your credit card information, or claiming to have information on your credit.
Since the hackers were able to view e-mails, you should keep a very close eye on your inbox. Phishing scams often hide in the guise of an e-mail from a trusted institution or company — such as Citigroup, Amazon or eBay — requesting for customers to “confirm” or “verify” their credit card information. Never respond to these kinds of e-mails.