Citigroup Denies News Report of Multi-Million Dollar Hack Linda McGlasson • December 23, 2009 Was Citibank breached by hackers who siphoned tens of millions of dollars from the bank's customers?The Wall Street Journal on Tuesday reported news of an FBI investigation into an alleged Citibank computer security breach by hackers linked to a Russian cyber gang.
Citigroup executives, however, categorically deny the breach and investigation at Citibank.
"We had no breach of the system and there were no losses, no customer losses, no bank losses," says Joe Petro, managing director of Citigroup's Security and Investigative services. "Any allegation that the FBI is working a case at Citigroup involving tens of millions of losses is just not true."
Few details were given about the alleged attack, which is reported to have involved two other entities, one of them a U.S. government agency. The Citibank attack was reportedly discovered in the summer, but may have actually happened months or even a year earlier. The breach is said to have been detected by law enforcement agents who saw activity on Internet addresses previously used by the Russian Business Network, a Russian-based gang. Two years ago, RBN went quiet, but it is suspected by observers the group has reformed into smaller sects.
See Also
Axis Bank-Citibank merger complete: What will happen to your Citi credit card, Citi debit card, savings, NRE account, home loan?Axis Bank-Citibank merger complete: What will happen to your Citi credit card, Citi debit card, savings, NRE account, home loan?Citi, Goldman Sachs, HSBC and other top banks warn of being investigated by SEC and CFTC over their use of WhatsAppThis isn’t the first breach in Citigroup’s historyWhether the breach did or did not occur, security experts agree on one point: Large banking institutions are under constant attack, and this report should remind them to stay on alert for suspicious activity.
"Bigger banks make bigger targets because there's more booty and more bragging rights to be won from breaking into an institution with a globally recognized brand," says Tom Wills, Security and Fraud Senior Analyst at Javelin Strategy and Research. In the battle with the hacker, it comes down to who has the best security. "And that's something else that no bank will talk to you about in detail. So, you can only really know in hindsight who was the most vulnerable target."
Industry Experts Respond to Report
While the facts of the alleged Citibank breach are open to debate, industry analysts say the report nevertheless sparks warning signs that banking institutions must heed.
"I really can't make the call over who's right until more facts emerge," says Wills. "What I can tell you is that banks are historically reluctant to admit security breaches unless they absolutely have to. It's bad for business."
Dave Shackleford, information security expert and SANS instructor, says there are just not enough details to understand the scope of the breach/attack yet. "First, there is a bit too much hearsay involved here to count as an 'official' story, in my opinion," he says. "It would not surprise me to see a very customized botnet distribution or finance-focused piece of malware that was being run by systems within the RBN. Citi is such a large entity, it would also not surprise me if the entire attack was perpetrated through business partners and extranet connection."
Shackleford predicts that information security professionals will see similar attacks, "much like the US Fighter Jet breach through Northrop Grumman and other defense contractors."
Avivah Litan, a Gartner analyst, says she believes that this alleged attack, if true, may involve the same kinds of man-in-the-browser trojan-based attacks that have already been discussed as risks to banks. "Citibank is certainly under attack," Litan says -- like all other banks, Citi is attacked many times daily
The tools and software that the hackers have at hand are substantial, says one security expert. "There are not a lot of details that anyone is releasing about this [alleged] case. It looks like they are unsure how long their systems [might] have been infected with the "Black Energy" software," says Kevin Prince, CTO of Perimeter E-Security, a security vendor. Prince describes Black Energy as "a Swiss army knife of hacker tools that can do a variety of tasks, including capture bank credentials."
With most large scale breaches, Prince adds, "We find out later that the malware has been installed for many months and sometimes more than a year, such as the case with Heartland, TJ Maxx and others. The sophistication level based on what little data is out there does sounds quite high."
FAQs
More than 200,000 Citigroup bank accounts were hacked in last month, according to just-released data from the company, and federal regulations could tighten because of the security breach. Details of the hack remain scarce. The bank says hackers probably accessed names, card numbers, addresses, and e-mail information.
What is the controversy with Citibank? ›
Citigroup Inc. was accused in a lawsuit of racial discrimination for its policy of waiving ATM fees for customers of minority-owned banks.
Did Citibank have a security breach? ›
Hackers were able to acquire over 350K customer's personal data from Citi's web application. Citi managed over 21M customers when the breach happened. This breach exposed just over 1% of the customer data.
Who hacked Citibank? ›
From a computer terminal in his apartment in St. Petersburg, Russia, Russian software engineer Vladimir Levin broke into a Citibank computer system in New York and, with support from several accomplices, stole $10.7 million by transferring the funds to accounts around the world.
Is there a class action lawsuit against Citibank? ›
SAN MATEO, Calif., Nov. 10, 2023 /PRNewswire/ -- A class-action suit filed today in federal court accuses Citibank of routinely and illegally denied credit for nearly a decade to Californians whose last names appeared to indicate they were of Armenian descent.
How ethical is Citibank? ›
As a result, Citi was given a bottom rating in the Irresponsible Lending criterion. In what areas does Citi score well for its ethics? Citi receives a top rating for the Environmental Report category, due to its detailed environmental targets which demonstrate its aims to improve its sustainability record.
Is it safe to put money in Citibank? ›
Alyssa is a MarketWatch Guides team editor covering personal finance, insurance and loans. Our Citibank review gives the bank 4.2 out of 5 stars overall because while it has cut some fees, the rates on its deposit accounts are generally low.
Is Citibank still safe? ›
Is Citibank trustworthy? Citibank is an established bank which is fully regulated. Your deposits are insured by the FDIC to the full extent of the law. Check the terms and conditions of your specific account type to see how the rules apply.
What is the most famous security breach? ›
Broken Access Control
- MGM Resort Breach(2023) ...
- First American Financial Corp Data Leak (2019) ...
- Quora Data Breach (2018) ...
- Cambridge Analytica Scandal (2018) ...
- The University of California, Los Angeles (UCLA) Data Breach (2014) ...
- Target Data Breach (2013) ...
- Twitter Breach (2022) ...
- Exactis (2018)
There are numerous ways the unauthorized user could have gotten access to your information, such as purchasing it on the dark web, getting it after a data breach, or phishing via email, phone or text message.
Yes, your Citi account will remain the same after the acquisition by Axis Bank.
What is the biggest bank hacked? ›
ICBC, the world's largest lender by assets, said Thursday its financial services arm experienced a ransomware attack “that resulted in disruption to certain” systems. Security expert have said ransomware from the hacking group LockBit was used to carry out the cyberattack on ICBC.
Why did Citibank lock my account? ›
If Citi determines that your login credentials have been compromised, your online and mobile access may be automatically blocked, reducing the likelihood of an unauthorized person accessing your information. Citi then sends you a notification with a prompt to reset your password to safely regain access.
Will Citibank refund scammed money? ›
Under EFTA, banks such as Citi are required to reimburse their customers for money in their accounts that is lost or stolen through unauthorized electronic payments.
Did Citibank have a data breach? ›
More than 200,000 Citigroup bank accounts were hacked in last month, according to just-released data from the company, and federal regulations could tighten because of the security breach. Details of the hack remain scarce. The bank says hackers probably accessed names, card numbers, addresses, and e-mail information.
What percentage will Citibank settle for? ›
If Citibank has a strong chance of winning its case against you, you'll want to offer at least 60% of the obligation you owe. For instance, if your current balance is $2,000, you can offer Citibank $1,200 in a one-time payment to settle the amount due. Once you know how much you can pay, send an offer.
Why is Citigroup in trouble? ›
Slowing loan growth, rising interest rates, and inflation are among the causes of Citigroup's groups losses. Citi executives expect big credit losses, CNBC reports. They set $1.85 billion aside to cover credit losses in the fourth quarter of 2023.
What are the allegations against Citigroup? ›
A Citigroup managing director alleged the bank failed to protect her from a supervisor's violent threats and abuse due to a “pervasive” culture of sexual harassment and gender discrimination, according to details added Monday to her November lawsuit, Reuters reported.
What is happening to Citi? ›
Citigroup is planning to lay off 20,000 employees, or about 10% of its workforce, in the next two years as it comes off its worst quarterly financial results in more than a decade.
