Hackers Access Citibank ATMs
PostTime : Friday, 04 July 2008
| Posted by : DigitalWeekly
| Author : Michael Barkoviak
More consumers are beginning to use their debit cards in
places other than a bank ATM machine, with many grocery stores and department
outlets now accepting debit cards as a legitimate method of payment.
A recent breach involving debit cards has come to light: thousands of Citibank
customers may have had their data compromised when they used ATMs located in
7-Eleven convenience stores.
It appears Citibank's systems were not directly compromised and 7-Eleven's
networks were the only ones affected. The network, which is Microsoft
Windows-based, can be more easily repaired and diagnosed remotely, but comes
with a security flaw that the hackers exploited.
The companies that operate the ATMs in 7-Eleven, Fiserv and Cardtronics, are working
closely with authorities in their investigation. But Fiserv said it is
not directly involved in the case and has not returned e-mails or phone calls
from journalists. Cardtronics also said that it uses encrypted PIN pads
and triple data encryption to help protect user information.
The most frightening aspect is that the criminals were able to make off with
millions, effectively attacking the back-end computers that are responsible for
transactions. Until recently, using the four-digit PIN has been the most
reliable and closely guarded method of banking in public spaces. Banks must now
deal with the potential problem of hackers successfully breaking into back-end
computer networks.
"PINs were supposed to be sacrosanct — what this shows is that PINs aren't always
encrypted like they're supposed to be," said Gartner security analyst
Avivah Litan. "The banks need much better fraud detection systems
and much better authentication."
To date, seven suspects have been arrested in the case, with more arrests
possible, police authorities said. Three people from the group have
already been charged, with charges ranging from conspiracy to fraud.
Citibank did not disclose how the hackers compromised the network, but did say
all affected customers have been notified of the security breach.