14 DAY TRIAL // Citi Cards Japan (CCJ), a subsidiary of financial giant Citigroup, is dealing with a data breach that exposed the personal and account information of over 90,000 customers.
The company is currently in the process of contacting all affected individuals by mail and is monitoring exposed accounts for fraudulent activity.
"CCJ has placed internal fraud alerts and enhanced monitoring on all accounts identified, and no unusual or suspicious credit cards transactions relating to these customers have been detected at this point," the company said in a statement.
The data breach was not caused by hackers breaking into the company's systems, but by an employee working for a contractor who sold the information to a third party.
The compromised data includes customer names, addresses, phone numbers, dates of birth, gender, account numbers and the date when they were opened.
CCJ notes that information that would directly facilitate fraud, such as Personal Identification Numbers (PINs) and Card Security Codes (CVVs) has not been compromised.
Nevertheless, the company is prepared to re-issue the credit cards of concerned customers and stresses that they will not be held responsible if any fraudulent transactions occur.
"CCJ takes the safeguarding of customers’ information seriously and will take firm action against parties involved in the information theft," the company said. The authorities have already been notified and have opened an investigation into the breach.
Back in June, Citigroup announced that over 360,000 North American accounts were compromised after hackers exploited a vulnerability on its Citi Account Online website.
The company confirmed that fraudulent transactions totaling $2.7 million were registered on 3,400 of those accounts. However, that loss was small compared to the tens of millions spent notifying affected customers and re-issuing credit cards.
The problem with any such data breach is that the cost of mitigating the risks can end up far exceeding the actual fraud.