Citigroup, law enforcement refute cyber heist report: Via Computerworld Cybercrime/Hacking News.

Citigroup says no system breach, no losses of customer or bank data, funds

Citigroup and a federal law enforcement source on Tuesday refuted a claim that the bank's customers lost millions of dollars in an advanced cyber heist over the summer, leaving lingering questions over details of the alleged attack.

According to a report in Tuesday's Wall Street Journal, the FBI is investigating the theft of tens of millions of dollars from Citibank using malicious software created in Russia.

A source within federal law enforcement who declined to be identified said the Wall Street Journal story was inaccurate and appears to have confused a known 2007 hack of Citigroup-branded automated teller machines with a long-running criminal effort to hack online banking customers and move money out of their accounts.

"They've screwed up so many different things," he said. The FBI had no comment.

A second banking fraud investigator, who also asked not to be identified because of his ongoing investigations, agreed with this assessment. The long-running effort to hack online banking by installing password-stealing Trojan horse programs known as Zeus and Clampi has affected many banks, but it has compromised customers' PCs and not the banks themselves, he said.

Citigroup released an initial statement saying that while there have been attempts to interfere with the availability of its systems, "we had no breach of the system and there were no losses, no customer losses, no bank losses."

"Any allegation that the FBI is working a case at Citigroup involving tens of millions of losses is just not true," read the statement, attributed to Joe Petro, managing director of Citigroup's Security and Investigative services.

On Tuesday afternoon, Citigroup released a second statement alleging that the Wall Street Journal story was inaccurate and that the theft of tens of millions of dollars was "false." Citigroup did indicate that fraud in other parts of the financial chain will cause it to shore up its defenses.

"Occasionally, as with virtually all financial institutions, there are instances of fraud or breaches of third-party systems that result in our taking actions to protect our customers and Citi," the second statement read.

Read Original Article:(Via Computerworld Cybercrime/Hacking News.)