Citibank ATM Network Compromised

March 9, 2006: Citibank has alienated many of its U.S. customers by blocking their accounts in an attempt to halt fraudulent cash withdrawals after what is being called a “class break.”

The bank is remaining tight-lipped about the cause of the breach, saying: “we don't know precisely who it was, and even if we did, we couldn't discuss it publicly for a variety of reasons.” However, the incident bears a striking resemblance to the CardSystems fiasco in 2005 where forty million Mastercard and Visa card holders were exposed to fraud.

A large number of fraudulent cash withdrawals made from ATM’s outside the U.S. in mid-February prompted the account freeze. According to the Bank, customer information allowing unauthorised cash withdrawals to be made from Citibank Mastercard cards was obtained in the U.S. last year by thieves in “a third-party business' information breach”.

The Citibank breach has been labelled a “class break”, meaning that one breach opens the door for a whole new class of attacks using similar methods. Because of this, bank spokesman said that Citibank has been forced to block PIN-based withdrawals from its Mastercard cards in Britain, Canada and Russia.

Customers using their cards to withdraw cash in these countries had the transaction cancelled and their accounts marked “ineligible”, forcing the re-issue an unspecified amount of new cards to U.S. customers whose details have been compromised.

Comment on this story

Related Article:

40 million credit cards hit by huge security breach