Citigroup Clients Hit by Hundreds of Illegal Debits

Citigroup Inc. on Wednesday said customers had money illegally withdrawn from their accounts on debit cards used in Canada, Britain and Russia, the latest in a series of data breaches involving U.S. banks.

The largest U.S. bank said it had detected “several hundred fraudulent cash withdrawals” in mid-February. It halted transactions based on PINs, or personal identification numbers, in the locations involved and will provide new cards to victimized customers, the New York-based bank said.

Citigroup said its Citibank unit had learned of a security breach last year involving a third party. The breach occurred in the United States, a person familiar with the matter said.

Bank of America Corp. and Washington Mutual Inc. took similar steps to protect customers after Visa USA in February reported a data security breach at a U.S. merchant.

Many banks and card issuers have reported data breaches in the last couple of years, leading to tightened security rules and regulatory oversight.

Last year, in an unrelated case, Citigroup said United Parcel Service Inc. had lost computer tapes containing account and payment history data on about 3.9 million customers.