Bank of America, Citigroup Reissue Cards After Breach
Massachusetts Customers Impacted by Unidentified Incident Two US banks recently reissued new credit and debit cards to Massachusetts customers after a data breach at an unnamed merchant.Bank of America and Citigroup both issued replacement cards and notified customers that their account numbers may have been compromised. Neither bank will say exactly how many cards were replaced or which third-party merchant database compromise was referred to in the notification letters.
Citi's spokesperson Janis Tarter says this incident is not related to a new data breach. "I am completely unaware of anything new."
The most recent notable breach of credit and debit cards was the Network Solutions data breach that occurred for three months earlier this year. Notification by the company to the more than 4,300 merchants affected was made on July 24. More than 573,000 credit and debit card accounts were compromised in the breach.
Tarter says when the bank becomes aware of a data breach, it takes appropriate steps, above and beyond its normal prevention and detection actions, on any customer accounts that may have been impacted. Actions include the use of Citi's Fraud Early Warning System to monitor accounts, as well as notifying some customers who may be at increased risk due to suspicious activity.
Bank of America media representative Betty Riess says her institution routinely reissues credit and debit cards. "Through the use of fraud monitoring, if we see the card has been used fraudulently or we've been notified by the card company of misuse, we will block and reissue a customer's card," Riess says.
Riess says she would not be able to comment on a third-party breach, and since the breach did not originate at Bank of America, there would be no notification from Bank of America to the Commonwealth of Massachusetts, where the breached customers reside. Often, she says, when the bank is notified from the card companies, the fraud notification does not say where the breach originated.