Asia spared in Citi breach
No customers in the Asia-Pacific region have been affected by the latest security breach at Citigroup, where personal data of about 200,000 U.S. card holders were reportedly compromised.
In response to queries from ZDNet Asia, a Singapore-based Citibank spokesperson confirmed Thursday that there is "no impact" outside of North America.
According to the Financial Times (FT), hackers breached Citi Account Online, which contained datasuch as names, account numbers and e-mail addresses. Citigroup revealed about 1 percent of its card customers were affected by the incident, but noted information such as birth dates, card expiration dates and card security codes were not exposed.
Citing the bank's annual report, FT reported that there are 21 million Citi cardholders in North America.
The bank told FT it discovered the unauthorized access in early May as part of its routine monitoring. It did not, however, disclose how the system was breached.
A Citigroup spokesperson told Reuters that the bank has contacted customers whose information had been compromised. "Citi has implemented enhanced procedures to prevent a recurrence of this type of event," the spokesperson added.
RSA customers request new tokens
In a separate development, Citigroup is one of several U.S. banks that have indicated plans to replace their SecurID tokens for use in multifactor authentication. Bank of America, JPMorgan Chase and Wells Fargo also said they will do so as soon as possible.
Australian banks ANZ andWestpac have also confirmed they will be replacing RSA SecurID tokens issued to customers and staff.
ANZ told ZDNet Asia's sister site ZDNet Australia that while there is no direct threat to customers, replacing tokens is "the best course of action" given advice from RSA.
In an open letter to customers on Monday, RSA Chairman Art Coviello said token replacement will be offered to more customers as added assurance following an attack on Lockheed Martin, a U.S. government defense contractor and RSA customer. It also promised to "implement risk-based authentication strategies" such as monitoring and fraud detection services for consumer-facing organizations, particularly financial institutions.