Facing its second security breach in the past four months, Citigroup has confirmed that the personal data of more than 92,000 customers of Citi Cards Japan was stolen and sold to a third party.
Account numbers, names, addresses, phone numbers, birthdates, gender and the date the account was opened were all included in the information allegedly obtained by a supplier, ComputerWeekly.com reports. Citigroup said that personal identification numbers and card security codes were not obtained and that the breach only affects Citi Cards Japan customers.
Because security information was not compromised, Citigroup said that there is a minimal risk for fraud, although it is monitoring all accounts for suspicious credit card transactions.
Customers affected by the breach will be notified by mail and on Citi Cards Japan’s website. These customers have the option to be issued new credit cards.
Citigroup said it will take firm action against parties involved in the information theft, but has given no details of how the breach happened, ComputerWeekly.com reports.
In May, the company was affected by a breach of its online accounts system and had to reissue nearly 360,000 credit cards.
Representative Mary Bono Mack (R-Calif.) recently introduced legislation in the House that establishes uniform national standards for data security and data breach notification.
“With nearly 1.5 billion credit cards now in use in the United States – and more and more Americans banking and shopping online – sophisticated hackers and cyber thieves have a treasure chest of opportunities to ‘get rich quick,’” Bono Mack said. “These eye-popping data breaches only reinforce my long held belief that much more needs to be done to protect sensitive consumer information.”