WASHINGTON (12/23/09)--The Federal Bureau of Investigation (FBI) is investigating a computer security breach targeting Citigroup Inc.'s subsidiary, Citibank, says The Wall Street Journal (Dec. 22). The theft resulted in tens of millions of dollars stolen by hackers working with Russian cybercriminals, the newspaper said, adding the attack was detected over the summer but could have occurred as long as a year earlier. Citigroup denied the report, saying its system had no breaches and no losses--either for customers or the bank. The newspaper cited a source "familiar with the case" who said the FBI, the National Security Agency, the Department of Homeland Security and Citigroup had "swapped information to counter the attack." The federal agencies declined to comment, said the newspaper. A Citibank customer, Robert Blanchard, co-owner of a lighting company in Mount Vernon, N.Y., told the newspaper he tried to log into his company's Citibank account on July 6 but couldn't do so with his regular password and token code. Citibank changed his password and sent him a new one by overnight mail, but he still couldn't get in. Before he could call his local bank branch, online thieves had sent more than $1 million from his account to banks in Latvia and Ukraine. Investigators discovered a computer at his lighting company had been infected by a computer at another company he co-owns. That computer dragooned his lighting company computer into a group of computers used to attack others. The software loaded onto his computers included a spyware program that logged keystrokes. Citibank sleuths began working to help him recover $810,855 from the Latvian bank, and Citibank gave him the remainder, said the article. Citigroup said the Blanchard case was an isolated fraud incident." Citigroup has stayed mum about such incidents since 1994, when Citibank revealed that a Russian hacker had stolen more than $10 million from customer accounts, said security analysts. Most of the money was recovered. However, the bank's competitors used the incident to try to steal its largest depositors. The recent incident indicates that today's hackers have more sophisticated elements that are harder to block from intrusion, said security companies in the article.