Multinational financial service provider Citigroup appears to be snake-bitten by security problems, and not just through Web hacking.
Eight weeks after a hacker cracked its credit card database, the company's credit card unit in Japan, Citi Card, reported in a message to its user base Aug. 5 that "certain personal information of about 92,400 customers has allegedly been obtained and sold to a third party illegally."
This breach, however, apparently did not involve online hacking. Citigroup told police that a person involved in a company to which Citi Cards outsourced part of its business had illicitly obtained the information and sold it to a third party.
Information made vulnerable includes account numbers, names, addresses, phone numbers, dates of birth, gender and the date the account was opened. Citi revealed that personal identification numbers and security codes (CVV, or Card Verification Value, data) were not compromised.
Despite the data theft, no unauthorized use of the cards had been reported by the end of business on Aug. 5, the Kyodo News reported.