Citi, Confirming Breach, to Issue Tens of Thousands of New Cards

Citigroup said hackers have viewed some of its credit-card customers' account information in North America. Alison Tudor has details.

Story by Wall Street Journal
Written by Randall Smith and Alison Tudor

Citigroup Inc. plans to issue replacement credit cards to tens of thousands of customers affected by an incident of unauthorized access to customer information.

A Citigroup spokesman on Thursday didn't rule out the possibility of fraudulent charges on the accounts, which Citi said represent about 1% of its North American bank card customers. The spokesman added that fraud protection covering unauthorized use should apply in such cases. Citi has 21 million credit-card accounts.

The information subject to the unauthorized access included holders' names, account numbers and email addresses, Citi said. But the breach didn't compromise additional personal information such as Social Security numbers, date of birth, and card security codes or expirations. A spokesman said Citi's debit cards weren't affected.

"During routine monitoring, we recently discovered unauthorized access to Citi's Account Online," the New York-based bank said in a statement. "For the security of these customers, we are not disclosing further details."

The bank said that it is contacting customers whose information was affected and that it has implemented enhanced procedures to prevent a recurrence of this type of event.