Citigroup has released more details about the hacking incident, revealing that far more credit card accounts were affected then originally reported. Earlier this week, the financial group said that roughly 1% of its 21 million credit card accounts had their personal information leaked but now it appears that 360,083 accounts were affected.
A total of 217,657 of the hacked accounts were notified of the attack but it wasn’t until more than three weeks after the breach was discovered. Asked why more than 100k customers who were affected were never notified Citigroup said, "Some accounts were not re-issued credit cards if the account is closed or has already received new credit cards as a result of other card replacement practices. These accounts continue to receive heightened monitoring for suspicious activity."
Citigroup insists that they have taken steps to prevent similar attacks from happening in the future. They refused go into details about how the attacks occurred but according to the New York Times, “In the Citi breach, the data thieves were able to penetrate the bank’s defenses by first logging on to the site reserved for its credit card customers.
Once inside, they leapfrogged between the accounts of different Citi customers by inserting various account numbers into a string of text located in the browser’s address bar. The hackers’ code systems automatically repeated this exercise tens of thousands of times — allowing them to capture the confidential private data.”
In short, the incident was the result of a simple URL hack.
As always, stay tuned to Credit Cards Professor for more credit card news and updates.
| < Prev | Next > |
|---|
