Newsroom

June 10, 2011 - Yet another data breach has struck, with Citigroup reporting Thursday that roughly 210,000 credit-card accounts in North America have been compromised.

Citigroup spokesman Sean Kevelighan said the breach was discovered during a routine monitoring of online account information. Customer names, account numbers and contact information were among the data intercepted, he said. However, Social Security numbers, dates of birth and bank-card security codes were not accessed, Kevelighan noted.

He also said Citigroup has reached out to those customers whose sensitive data were compromised and "implemented enhanced procedures to prevent a recurrence of this type of event." As of the end of the first quarter, Citigroup had 21.1 million credit-card accounts.

One of the key factors driving NAFCU's recent push for a delay in the Federal Reserve's debit interchange fee-cap rule has been the costs incurred by financial institutions to cover merchant data breaches. NAFCU believes that the debit interchange fee-cap rule, set to go into effect July 21, will limit credit unions' ability to mitigate costs related to a breach.

Thus far, merchants have eluded facing any statutory obligation to guard against the theft of consumer data. Recent breaches at Michaels Stores and Sony are key examples where companies have asked financial institutions to shoulder the cost of reissuing cards when it was the retailers that failed to protect their customers' data. These costs are covered in part by the interchange income card issuers receive on the use of debit cards at merchant locations.