
Throwback Hack: The Citigroup Hack of 2011

(Updated on 10/29/2020)

In 2011 (dubbed “The Year of the Hack”), Citigroup Inc., the third-largest bank by assets at the time, suffered a major attack by hackers. Given its sheer size and vast wealth, Citigroup was an attractive target for hackers.


The Breach:

Sometimes the biggest hacks are the simplest, as was the case with the Citigroup data breach. Using Citigroup’s customer website as a point of entry to get past traditional security defenses and to impersonate credit card holders, a group of sophisticated hackers broke into the bank’s vault of data and financial information, navigating for months before being detected.

The witty thieves involved in the Citibank hack leapfrogged between the bank accounts of various Citi customers by inserting different account numbers into the string of text found in the browser's address bar. The hackers wrote code that repeated this process several hundred thousand times, which was their primary method of data collection. By hacking standards, this was a simple job to execute, but its genius lies in using an overlooked gateway, the website’s own vulnerabilities, to get in.
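The weakness described above is a missing server-side ownership check on the account number taken from the URL. The following is an added example, not code from Citigroup or from the original article: it shows one way to enforce that check and to flag a session that is denied on many distinct accounts. The user names, account numbers, function names and threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: which accounts each authenticated user owns.
OWNERSHIP = {
    "alice": {"4000-0001"},
    "bob": {"4000-0002", "4000-0003"},
}

def can_view(session_user, requested_account, ownership=OWNERSHIP):
    """Server-side check: the account named in the URL must belong to the session's user."""
    return requested_account in ownership.get(session_user, set())

def handle_request(session_user, requested_account, audit_log):
    """Return an HTTP-style status and record every decision for later detection."""
    allowed = can_view(session_user, requested_account)
    audit_log.append((session_user, requested_account, allowed))
    return 200 if allowed else 403

def flag_enumeration(audit_log, max_denied_accounts=3):
    """Flag users denied on more distinct accounts than a stray bookmark or typo explains."""
    denied = defaultdict(set)
    for user, account, allowed in audit_log:
        if not allowed:
            denied[user].add(account)
    return sorted(u for u, accts in denied.items() if len(accts) > max_denied_accounts)

def demo():
    log = []
    statuses = [handle_request("bob", "4000-0002", log)]      # bob's own account
    statuses.append(handle_request("bob", "4000-0001", log))  # someone else's account
    # Constructed pattern: one session requesting a run of accounts it does not own.
    for n in range(100, 110):
        handle_request("alice", f"4000-{n:04d}", log)
    return statuses, flag_enumeration(log)

if __name__ == "__main__":
    print(demo())
```

The threshold is an assumed tuning value; in practice it would be set from the denial rate seen in normal traffic.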

The Aftermath:

By the time Citibank realized it had been hacked, approximately 360K North American Citigroup accounts had been affected by the data breach. Customer names, account numbers, and contact information were accessed, but the company maintains that data critical to committing fraud, such as expiration dates and three-digit card security codes, was not compromised.

Approximately 217K customers were reissued cards and sent a notification letter, while the remaining accounts were fortunately inactive. A notification was not issued until about nine days after the breach was discovered. It took about seven days after discovery to identify the affected accounts, which made up about 1% of the 21 million North American Citigroup customers. Ultimately, the Citibank hack resulted in a total loss of $2.7 million for the company.

The Data Breach Market is Growing:

In 2011, many security pundits were scratching their heads, wondering why so much hacking was happening. Experts answered that the increased number of cyber-attacks correlates with the increased amount of information being stored online.

Hackers are not interested in just stealing money. With critical information such as contact information and ID numbers, they can sell the raw materials on the black market, a market that has been valued in the billions. The black market started small but has been growing into a much more sophisticated marketplace, saturated with brokers selling information in internet bazaars. Criminals then use the stolen information to impersonate credit card owners and to buy merchandise.

In addition, many organizations are not taking cybersecurity very seriously, which leaves numerous vulnerabilities, and this is just too attractive for hackers to ignore.

Key Takeaways:

  • The biggest lesson from the Citigroup data breach is to have your website audited by professionals. If Citigroup had audited the site and repaired the vulnerabilities, none of this would have happened.
  • A secondary lesson is that Citigroup should have publicized the breach on the day that it occurred. This would have reassured its customers that it was being transparent and taking the matter seriously.

Although this data breach occurred nearly four years ago, many of the techniques are still prevalent today. It's a shame, however, how many breaches have occurred since 2011, illustrating the lack of urgency around data theft prevention and security among corporations today. Because of that lack of urgency, coupled with the precipitous rate of growth in stolen data, we are seeing major growth in the "black market." It will be interesting to see what it will take for companies to put security and risk prevention at the top of their to-do lists.
