More unsettling news revolving the recent Citi Cards data breach indicates that hackers made off with $2.7 million from customer accounts.
The hackers who infiltrated the card division of Citi (NYSE: C) stole $2.7 million from roughly 3,400 customer accounts, a little under 1% of the accounts compromised during a cyber attack on May 10.
The news comes nearly two weeks after Citi came out with a public release revealing that over 360,000 customer accounts were subject to unauthorized access by cyber criminals.
The breach was originally expected to hit over 200,000 customer accounts as Citi said that the breach impacted 1% of total North American credit card accounts (totaled 21 million at the end of 2010).
“The customer’s social security number, date of birth, card expiration date and card security code (CVV) were not compromised,” said Citi spokesperson Sean Kevelighan in early June.
Customer information that may have been obtained include names, account numbers, and email addresses. Typically, such details are not enough to make purchases and it remains unclear how hackers were able to use such limited customer information to conduct unauthorized purchases.
Possible explanations include email and phone phishing, through which unsuspecting customers may have provided sufficient information to commit fraud.
Additionally, Citi has not explained the manner in which hackers were able to gain access to customer accounts, citing a pending investigation. “Citi has implemented enhanced procedures to prevent a recurrence of this type of event,” the bank said.
Nearly 218,000 North American customers have been reissued new cards and account numbers.
Affected customers are not responsible for any fraudulent charges on their accounts, said Citi. “We encourage our customers to review their account statements and to report any suspicious or unauthorized charges to us.”