Citigroup has acknowledged that over 360,000 credit card accounts were involved in the data breach that occurred in May, apparently directly through Citi’s online browser interface. Now documents are emerging regarding Citi’s post-breach communication with affected customers. Privacy advocates are distressed that despite the precedents established by other instances of breach remediation at other firms, Citi has apparently decided not to offer every affected customer a period of free credit monitoring service.
Citi has consistently downplayed the potential impact of the breach, noting that neither social security numbers nor card security numbers were stolen. Hackers do employ other means to penetrate security barriers, however, often linking data from multiple sources. Finextra reports that such account penetration has apparently occurred. They cite a Wall Street Journal source alleging:
“[Citi] has now told government officials that the accounts of 3400 customers have suffered around $2.7 million in total losses.”
Citi will, of course, absorb the losses on the card accounts, but it is placing the burden on customers to “remain vigilant” with respect to potential identity theft, and seek additional assistance if necessary:
“Citigroup’s letter to clients offers special services to customers who believe their identities have been stolen. Bank spokesman Sean Kevelighan said that clients calling a hotline mentioned in the letter would automatically be offered services including at least six months of monitoring.”
It appears the help will be available to those who may have a documented need, but Citi is skimping a bit to not extend the offer equally to all customers before trouble is evident.
Click here for more from Banktech.com: http://www.banktech.com/risk-management/231000354 Click here for the Finextra article: http://finextra.com/News/Fullstory.aspx?newsitemid=22704