Officials from Citigroup have confirmed that an unauthorized network access event may have compromised the private account details of as many as two hundred thousand North American banking clients.
Representatives of Citigroup said they detected the breach of the Citi Account Online network in May through routine monitoring of the systems.
"A limited number - roughly 1 percent - of Citi North America bankcard customers' account information [such as name, account number and contact information, including e-mail address] was viewed," said Sean Kevelighan, head of communications and public affairs for Citigroup.
"The customer's Social Security number, date of birth, card expiration date and card security code [CVV] were not compromised. We are contacting customers whose information was impacted," Kevelighan said.
Citigroup immediately reported the security incident to law enforcement and regulatory authorities, but has not revealed any particular details of the data loss event.
Thus far, it appears that only credit card accounts were exposed in the breach, though some reports suggest that some debit card information may have been involved.
Citigroup officials are in the process of notifying customers who's data may have been exposed.
Guidelines require banks to immediately notify regulators in the event of a data breach, but do not require immediate notification of customers if there is a risk that the alert could compromise an investigation.
“For the actual breach to happen at a bank is a very big deal,” said Gartner's Avivah Litan.
So far, there have been no reports of stolen funds related to the incident. Citigroup indicated they have tightened security controls since the breach was discovered.