Regulators pressuring banks after Citi data breach

By Maria Aspan

NEW YORK (Reuters) – Banking regulators are pressuring banks to improve their data security standards following large data breaches at banks including Citigroup Inc, a top U.S. regulator said on Thursday.

The Federal Deposit Insurance Corp is developing new guidance for banks and may ask “some banks to strengthen their authentication when a customer logs onto online accounts,” FDIC Chairman Sheila Bair said on Thursday.

Citigroup said late on Wednesday that computer hackers breached the bank’s network and accessed the data of about 200,000 bank card holders in North America, the latest in a string of cyber attacks on high-profile companies.

Citi said the names of customers, account numbers and contact information, including email addresses, were viewed in the breach. The Financial Times said the bank discovered the breach in early May.

Citi said other information such as birth dates, social security numbers, card expiration dates and card security codes (CVV) were not compromised.

“We are contacting customers whose information was impacted. Citi has implemented enhanced procedures to prevent a recurrence of this type of event,” Sean Kevelighan, a U.S.-based Citi spokesman, said by email Wednesday night. “For the security of these customers, we are not disclosing further details.”

In the brief email statement, Citi did not say how the breach had occurred.

Another Citi spokesman, James Griffiths in Hong Kong, said the breach had affected 1 percent of North American card customers, which the bank’s annual report says total 21 million.

The third-largest U.S. bank is the latest in a growing list of companies that have suffered cyber attacks, including Sony and Google Inc.

Banks can be particularly attractive targets for cyber criminals, Bair said on Thursday.

“It’s kind of a constant,” she said. “It’s one of the many risks that you have to deal with.”

(Reporting by Maria Aspan; editing by John Wallace)