PROVIDENCE, R.I. (Legal Newsline) - Rhode Island Attorney General Peter Kilmartin on Thursday informed residents who are Citibank customers that their names, account and contact information and e-mail have been compromised.
According to the Attorney General's Office, a "hacking attack" of about 210,000 Citibank customer accounts happened in May. However, the company only made it public Wednesday in response to media queries.
Kilmartin's office said the company discovered the breach early last month while doing routine monitoring, finding that hackers had gained access to Citi's Account Online service and hit more than 200,000 customers in North America.
According to Citibank, which is based in New York City, Social Security numbers, birth dates, card expiration dates and three-digit codes remain safe.
While this means that the hackers cannot access customer funds, the contact information is enough for scammers to try to elicit more information through targeted attacks, such as phishing, Kilmartin explained.
Using the email addresses, hackers can send messages asking for sensitive information, leading to possible identity theft and fraud. Customers also can be tricked through phone calls by callers pretending to be a legitimate financial institution's representative, the attorney general said.
For his part, Kilmartin has sent a letter to Citibank informing the company of Rhode Island's Identity Theft Protection Law, which requires the company to notify customers whose information or identities may be compromised by a security breach.
In addition, he has requested that Citibank provide the Attorney General's Office with how the company plans to notify impacted customers in the state, the extent of the impact, and procedures the company is taking to prevent such a breach from happening again.
From Legal Newsline: Reach Jessica Karmasek by e-mail at firstname.lastname@example.org.