Citibank customers lost $2.7 million in recent attack
The unknown hackers who stole 360,083 sets of customer records from Citibank servers using simple URL manipulation have now begun to raid the accounts of those affected. The Wall Street Journal reports that 3,400 customers have suffered $2.7 million in losses. The disclosure, made to government officials, is the first confirmation that the breach did result in losses. Citigroup has said it will cover any losses and customers would not be liable for unauthorised use of their accounts in connection with the cards.
The attack on Citibank captured the details of 1.5% of the 23.5 million credit card accounts it operates in North America. The details were gained by exploiting a loophole in the web server which allowed a user to access account information of other customers merely with a simple change to the URL. Although the hackers did not obtain the CVV numbers on the backs of the cards, social security numbers, birthdates and card expiration dates, they did manage to extract an average of $794 per card according to the losses reported so far. To date, 217,000 customers have been issued with new credit cards.