In 2011, Hackers accessed the information of approximately 1% of Citibank’s 21 million users, or close to 360,000 customers. Customer names, account numbers, and contact information were exposed. Social Security numbers, security codes and dates of birth reportedly were not exposed. The breach occurred sometime in May 2011.
According to privacyrights.org, hackers obtained customer names, account numbers and transaction information by logging into the customer credit card site and guessing the account numbers of other customers. Since the account number appeared in the web address browser bar, simply altering an account number allowed the hackers to access a different account. The hackers also utilized an automatic computer program to guess account numbers quickly. At least $2.7 million was lost by 3,400 customers as of July 2011. In numerous reports, Citi was criticized for its slow response to the hack and delays in notifying customers.