On Thursday, various news sources reported a data breach at Citigroup affecting a couple hundred thousand credit card account holders. Citi debit card customers were reportedly not affected. According to InformationWeek, the data stolen included:
"... names, account numbers, email addresses, and contact details... customer's social security number, date of birth, card expiration date, and card security code (CVV) were not compromised..."
Since similar data breaches have happened before in the financial services industry, some experts wonder if banks are doing enough to protect sensitive consumer information.
The bank is notifying affected customers. Details are sparse, as Citigroup did not disclose an exact number of breach victims, nor details about exactly how the unauthorized access happened. At press time, a check of the Citigroup website did not produce any press releases about the data breach.
The data stolen is sufficient for scam artists and spammers to target breach victims with phishing attacks via e-mail and phone. Citigroup markets the Identity Monitor credit monitoring service and Identity Theft Solutions support services for identity-theft victims.
It will be interesting to see what, if any, identity theft and fraud resolution services that Citigroup arranges for its breach victims.