Hilton HHonors - Hilton Visa: New Cards sent to me due to "breach"

Just a heads up.

Citibank notified (stealthily: I found this out only after logging in into account today and seeing a "security message" which prompted me to call in) me that they would be sending out new cards with a new account number. Reason they gave me: a "security breach" in a major retailer.

May affect others as well. I do not know if this is widespread.

Some minor inconvenience to me in terms of redoing billpay, paypal, recordkeeping etc. Will be looking to see what they offer in the mail in terms of relief e.g. credit monitoring etc.

Just a heads up.

Citibank notified (stealthily: I found this out only after logging in into account today and seeing a "security message" which prompted me to call in) me that they would be sending out new cards with a new account number. Reason they gave me: a "security breach" in a major retailer.

May affect others as well. I do not know if this is widespread.

Some minor inconvenience to me in terms of redoing billpay, paypal, recordkeeping etc. Will be looking to see what they offer in the mail in terms of relief e.g. credit monitoring etc.

Got the same for my AA Mastercard (also from Citi). First saw the security message, and yesterday got the new card in the mail. It didn't say which merchant's card database had been compromised. Think Citi would tell me?

We must not shop at the same places. I didn't get this message for my Hilton & AA cards.

We must not shop at the same places. I didn't get this message for my Hilton & AA cards.

I sent Citi a "secure message" asking what merchant was the cause for this replacement.

My partner's AA MC was canceled on him, too. And just a month after my Professional card was canceled. In all cases, we didn't receive any email or phone notice. Just a security message when we logged in online. Which was a real b*tch in my case, because I was logging in on the road to pay my bill online. When I called Citi to inquire about this, I was told, "Oh, you'll have your replacement card sent to you in just a few days, and then you can activate the new card number for online access." When told that I was on the road, my bill was due in 3 days, and wouldn't be back home for about 3 weeks, he paused a few seconds and finally said, "I guess we can waive the fee for telephone payment if you'd like to do that."

I'm seriously giving thought to closing out my Citi cards. These card cancellations are causing my partner and me major disruptions ferreting out all the places where we've used the cards for automated payments. One is our concern regarding security, if they're having to cancel people's cards on them so frequently. And the other is how they're handling the cancellation notifications (or lack thereof).

I'm seriously giving thought to closing out my Citi cards.

That's exactly what I'll be doing if, as I expect, I will not get a meaningful answer from them. I was particularly annoyed when they used the opportunity of me activating the new card to try and push (via rep) their credit monitoring service and 0% balance transfers.

Interesting.. I just had to cancel my HH Visa due to fraudulent charges. It would be interesting to know who the retailer is and see if there is some relationship between this report and my problem.

We got replacement cards a couple weeks ago. I didn't open the envelope for a week and was surprised at the reason for the new cards - mine were good for another year. No fraudulent charges. I also would like to know the merchant.

Via the secure messaging system, Citi told me to call customer service.

When I called them, the rep claimed they didn't know the merchant and were still investigating.

This makes little sense to me. My account had no fraudulent charges and the notification I got clearly said it was a merchant database compromise. If they want to protect the merchant's reputation, fine -- they are going to lose me as a customer.

Sent another follow-up message, pointing them to CA state law (SB 1386), which might apply here and require notification.

I received new Citibank Mastercards a few weeks ago also. Second time in about a year. Big pain updating all autopay accounts...

I started a similar thread this morning in the "Other Credit Card Programs" section with respect to my Citi Mastercard. Maybe these threads should be merged under a heading like "Citi credit cards - widespread security breach".

Also, since Citi doesn't seem to be willing to identify the problem merchant, is anyone interested in sharing the names of the internet retailers they've been dealing with using their compromised Citi cards?

I started a similar thread this morning in the "Other Credit Card Programs" section with respect to my Citi Mastercard. Maybe these threads should be merged under a heading like "Citi credit cards - widespread security breach".


That would make sense -- I had actually looked earlier if there was an existing thread since it really isn't specific to Hilton cards (mine's an AA MC).


Also, since Citi doesn't seem to be willing to identify the problem merchant, is anyone interested in sharing the names of the internet retailers they've been dealing with using their compromised Citi cards?

I'd think the culprit doesn't have to be an internet retailer. Could also be a national retailer (think mall store).

The latest reply I received from Citi via their secure msg service (which, by the way, is complete cr*p compared to the equivalent Chase feature) is that they can't deal with it via the secure msg service and that they forwarded my message to the appropriate department for investigation and that I would receive a reply in the mail in 10-15 days.

Coincidentally my membership fee is coming due this month and I had been considering closing the account anyway (want to focus on hotel points for a while), so this is just another good reason to close it.

I too got a new card and found out when I logged on.

I think the merchant has to be Hilton. I only use my Citi Visa for Hilton stays and in the rare occation when a merchant doesn't take Amex. Which only happens once in a blue moon for me. Couple charges internationally and one or two at local lunch places. Literally my usage on this card is minimal don't even use it every month.

I think the merchant has to be Hilton. I only use my Citi Visa for Hilton stays and in the rare occation when a merchant doesn't take Amex. Which only happens once in a blue moon for me. Couple charges internationally and one or two at local lunch places. Literally my usage on this card is minimal don't even use it every month.

I'll have to check more closely, but I don't think I used my AA MC at a Hilton property (I've only had three or four stays in the last two years, since I got the MC).

Also, since Citi doesn't seem to be willing to identify the problem merchant, is anyone interested in sharing the names of the internet retailers they've been dealing with using their compromised Citi cards?
Is this all separate from the merchants who just got outed for breaches? Have you been doing business with the ones who just got in trouble (Barnes & Noble, TJ Maxx, etc)? (http://www.securityfocus.com/news/11530)

I think the merchant has to be Hilton. I only use my Citi Visa for Hilton stays... Interesting. That would explain why Citi is protecting the identity of the "merchant" that triggered all this... they're a "client."

We never got any kind of automated message from Citi, just a set of new cards in the mail. Huge pain in the neck because of all the account relationships I had to update, but I presume they know what they're doing... just glad I wasn't on the road for an extended period when the deal went down.

Re: fraud watch... this is the same Citi that called my house in Seattle within 30 minutes of my using the card at the LIRR kiosks at Jamaica Station, Queens, leaving JFK... asking if I was in NY or not. Brilliant.

Here's a blog post (http://www.creditaddict.com/archives/credit-card-number-compromised-citi-issues-new-account-number-replacement-cards/) reporting the same issue -- in June 2008.

Just had my Citibank-issued American Express card cancelled with the same information from the customer service representative (no actual fraudulent activity observed, preventative measure [covering their ... at the customer's inconvenience] due to merchant database breach, won't indicate which one). Data points: I have never ever used this card at a Hilton, a TJ Maxx, or a Borders; based both on memory of not having stepped into one of those merchants in the past year or purchased online from them, and on having just perused all statements since my application for this specific card this spring.

Grrr. What a royal PITA....

I received a notice from Bank of America for my VISA (fraternity affinity card) a couple of weeks ago basically saying the same thing...got the new card in a few days later. I'm 29 and I bet this will happen a few more times in my lifetime.

By the way, I'm at the HI in Fishers, IN...nice property. Glad I'm not back home (Houston) and I hope the brick on my patio is still there... :(