Citigroup’s Japanese credit card unit said in a message sent last week to its user base that “certain personal information of about 92,400 customers has allegedly been obtained and sold to a third party”, according to a report by eWeek.
The Japanese unit told police that a person working for a subcontractor to which Citigroup outsourced part of its business sold the information to a third party, according to the report.
The information included names, addresses, credit card account numbers, phone numbers, dates of birth, and dates the accounts were opened. However, card security codes were not compromised, the company said.
This is the second major credit card data breach for Citigroup this year. In June, Citigroup admitted to a data breach affecting 360,000 credit card customers in North America.
In that data breach, Citigroup said that customer names, account numbers, and contact information were accessed by hackers, but that information critical to committing fraud, such as social security numbers, dates of birth, card expiration dates, and card security codes, was not compromised.
However, Citigroup disclosed that credit card customers had $2.7 million stolen from their accounts as a result of the June data breach.