Le principe Noemi concept
Astuces informatiques
Webbuzz & Tech info
Noemi météo
Notions de Météo
Animation satellite
Mesure du taux radiation
NC Communication & Design
News Département Com
Portfolio
NC Print et Event
NC Video
Le département Edition
Les coups de coeur de Noemi
News Grande Région
News Finance France
Glance.lu
Citigroup has been forced to reveal that a recent hack of its network exposed the financial data of more than 360,000 customers, a much higher number than the bank originally disclosed.
The company said last week that hackers who breached Citi Account Online on May 10 had acquired the personal information of about one percent of its 21 million North America customers, or about 210,000 credit-card holders. But in a note posted to its web site late Wednesday, the company revealed the new number, and said that it had known the number of customers affected was much higher as early as May 24. The note didn’t indicate why the company hadn’t disclosed the higher number before, but the New York Times reports that the revelation comes after Connecticut’s attorney general and several other state regulators have opened investigations into the breach and begun demanding more information about it.
Citi said the information the hackers viewed included customer names, account numbers and contact information, but that Social Security numbers, birthdates, card expiration dates and security codes (CVV). were not accessed by the hackers. The company also said its main card processing system was not breached in the attack.
The company began to notify customers affected by the breach, and re-issue about 217,000 new cards, on June 3, but then waited until June 9 to disclose it to the public. In its note this week, the company listed the number of affected accounts by state. California had the highest number of affected customers at more than 80,000, followed by Texas with 44,000, Illinois, New York and Florida.
Citi said it has implemented “enhanced procedures” to prevent a recurrence of the breach, but didn’t elaborate.
The Times reported this week that the hackers easily penetrated the company’s network by using a commonly known technique called parameter tampering against a vulnerability in the Citigroup web site. The attack involves typing various strings of data into the address bar of the browser to gain access. The attackers used an automated tool to type in repeated account numbers into the address bar, tens of thousands of times, to access the account data.
Photo: Gregalicious/Flickr
See Also:
