Less than four months after the breach that affected some 200,000 Citigroup customers comes the news that the personal data of 92,000 Citi Cards Japan users has been compromised and sold to a third party.
But, while the previous one was the result of a break-in by unknown attackers, this second one was performed by a supplier. In both cases, no credit card security codes or PINs were compromised.
For the moment, Citigroup has not shared how the supplier managed to get ahold of the account numbers, names, addresses, phone numbers, dates of birth, gender and dates the accounts were opened. What it did share was the intention of taking “firm action” against him, Computer Weekly reports.
Citigroup has informed the affected customers via a letter and has published a warning about what happened on its website.
The customers who want to have their credit cards revoked and have Citigroup issue a new one are invited to ask for it. In the meantime, they are asked to be wary of potential phishing attacks taking advantage of the stolen information.