First Sony, and now Citi.
In a statement this week, Citigroup said that some of its credit card customers' personal data was stolen by hackers, who broke into the company's online account system. The statement came in response to news reports of a breach that media outlets said occurred last month.
The one-paragraph statement, distributed to reporters only on request, contained the following sketchy details:
- Compromised information included names, account numbers and email addresses.
- Social Security numbers, birth dates, credit card expiration dates and credit card CVV security codes were not accessed.
- The breach was discovered during the company's routine credit card security monitoring activities.
- Customers whose data was exposed should expect to be contacted by Citi.
- Improved procedures have been implemented to prevent a recurrence.
- Only 1 percent of Citi accounts, all in North America, were compromised.
One percent sounds like a small number, but a sliver of a huge population can mean quite a lot of people. In this case, a little math suggests a figure of around 210,000.
Data breaches at big-name companies get the most attention, yet smaller incidents are common these days as well. A report by the Identity Theft Resource Center in San Diego now lists 195 different data breaches so far this year.
Consumers are well-advised to monitor their credit card accounts, using the electronic means offers by the card issuers. In this case, that advice has a cruel irony since the online account system by which Citi customers can access the information they're supposed to monitor was the target of the attack, site of the breach and source of the compromised information.
Liability for unauthorized credit card use is limited by federal law to $50 in cases of fraud, and most issuers offer a zero-liability policy in such cases as a bit of extra protection for consumers. Liability exposure is significantly higher on debit cards, even if fraud is involved.
Follow me on Twitter: @marciegeff