Credit Card Number Compromised: Citi Issues New Account Number, Replacement Cards
Late last week, I received an envelope from Citi, but I didn’t get around to opening it until just this morning. In it, I found two new Citi Dividend Platinum Select cards along with a note saying that our old cards would stop working on June 30, 2008. Here’s the text of the insert:
IMPORTANT SECURITY MESSAGE!
Your account number may have been illegally obtained as a result of a merchant database compromise and could be at risk for unauthorized use. As a result, we have issued you a new Citi Card(s).
Please call the too-free number on the sticker affixed to the enclosed new card(s) as soon as possible. During that call we will activate your new card(s) for immediate use; this will automatically close your existing account number (the last 2 digits of which are indicated on the attached card carrier). These steps have been taken to reduce the risk of unauthorized use.
If you do not reply by the date indicated on the top of your card carrier, your existing account will be closed automatically. Please inform authorized users that this account number is being close. Also, please contact any service providers who automatically bill your account to provide them with your new account number. We regret any inconvenience that this may cause. Please be assured that Citi Cards is committed to safeguarding the security of our customers’ accounts.
Unfortunately, there was no indication of whose database had been compromised. I’m assuming that this problem wasn’t limited to Citi cards, though I haven’t heard from any other card issuers on this matter. Fortunately, we don’t really use this card for much anymore, so it won’t be hard to switch over to the new number. All of our recurring charges are either on our Chase Freedom Rewards or Amex Blue Cash cards.
Get via RSS
Same thing happened to us (second time in less than a year) and we have spent several days trying to find out which merchant had the security problem - so we don’t do business with them again. Citibank referred us to Mastercard International, who referred us to the Central Fraud Department, who told us that it was being investigated and they would let us know when they have more information.
Comment by Hadley Kilmer — Jun 30th 2008 @ 11:30 pmSame thing happened to us - 2nd time in three weeks - and no internet purchases were made with the new account number during that period. Also a Citicard. Both times Citicard phone staff contacted us about the compromised data (no hard copy mail) and both times we were advised they didn’t know and couldn’t say which merchant had a compromised data base. Very few purchases were made during the 3 week period the new card was active. However, it was 2.5 days after I notified the small group of “automatic billing” merchants about the new card that the most recent call regarding compromised data was received. Would you be interested in sharing/comparing merchant info? We received the newest card (third in the series…) today and, if it’s possible, would like to avoid giving the card number to the merchant not practicing “safe security”.
Comment by M Des Rochers — Jul 22nd 2008 @ 6:41 pm