Citigroup admitted on Wednesday that an attack on its website allowed hackers to view customers' names, account numbers and contact information such as e-mail addresses for about 210,000 of its cardholders. Citigroup admitted on Wednesday that an attack on its website allowed hackers to view customers’ names, account numbers and contact information such as e-mail addresses for about 210,000 of its cardholders.Citigroup did not say how the website, Citi Account Online — which is used by its customers to manage their cards — was compromised. The bank discovered the breach, which was first reported in Thursday’s Financial Times, early last month.Other customer information, such as Social Security numbers, birthdates, card expiration dates and the three-digit code on the back of the card, were not exposed, the company said.The affected customers are being contacted by Citigroup. However, the Citi Account Online website did not have a notification of the breach on its front page on early Thursday morning. The Financial Times reported that several card customers only found out about the issue last weekend when transactions using their card were denied, raising questions about Citigroup’s notification procedures.Although hackers may have not gained complete information on cardholders, the contact information is enough for scammers to try and elicit more information through targeted attacks. The e-mail addresses, for example, could be used to send “phishing” messages asking for other sensitive information which could potentially give identity thieves enough to start committing fraud.Phishing can also be done over the phone, with the caller impersonating someone in authority and tricking a victim into thinking they’re talking to a legitimate financial institution’s representative.Send news tips and comments to jeremy_kirk@idg.com Related content news UK government plans 2,500 new tech recruits by 2025 with focus on cybersecurity New apprenticeships and talent programmes will support recruitment for in-demand roles such as cybersecurity technologists and software developers By Michael Hill Sep 29, 2023 4 mins Education Industry Education Industry Education Industry news UK data regulator orders end to spreadsheet FOI requests after serious data breaches The Information Commissioner’s Office says alternative approaches should be used to publish freedom of information data to mitigate risks to personal information By Michael Hill Sep 29, 2023 3 mins Government Cybercrime Data and Information Security feature Cybersecurity startups to watch for in 2023 These startups are jumping in where most established security vendors have yet to go. By CSO Staff Sep 29, 2023 19 mins CSO and CISO Security news analysis Companies are already feeling the pressure from upcoming US SEC cyber rules New Securities and Exchange Commission cyber incident reporting rules don't kick in until December, but experts say they highlight the need for greater collaboration between CISOs and the C-suite By Cynthia Brumfield Sep 28, 2023 6 mins Regulation Data Breach Financial Services Industry Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe