Citi Bank Breach - 1% (estimate) of 21 million customers

["Al" <macwheel99 () wowway com>]

http://www.bankinfosecurity.com/articles.php?art_id=3730
<http://www.bankinfosecurity.com/articles.php?art_id=3730&rf=2011-06-10-eb>
&rf=2011-06-10-eb 

The breach could have exposed
<http://www.bankinfosecurity.com/articles.php?art_id=3564> personally
identifiable information about 200,000 Citi customers [See
<http://www.bankinfosecurity.com/articles.php?art_id=3724> Citi Breach
Exposes Card Data.] is a potential wake-up call to banks in general.

Citigroup confirmed June 9 that a breach of its Citi Account Online platform
had been accessed by an "unauthorized user."  "A limited number - roughly 1
percent - of Citi North America bankcard customers' account information
[such as name, account number and contact information, including e-mail
address] was viewed," Kevelighan said. "The customer's Social Security
number, date of birth, card expiration date and card security code [CVV]
were not compromised. We are contacting customers whose information was
impacted." 

Citi has approximately 21 million card customers.

According to a news report in the  <http://www.ft.com/home/us> Financial
Times, Citi discovered the breach in early May.

The Citi hack comes on the heels of a number of highly publicized incidents,
including breaches of
<http://www.bankinfosecurity.com/articles.php?art_id=3696> Google's Gmail,
<http://www.bankinfosecurity.com/articles.php?art_id=3641> Sony,
<http://www.bankinfosecurity.com/articles.php?art_id=3502> Epsilon and
<http://www.bankinfosecurity.com/articles.php?art_id=3488> RSA Security,
which earlier this week announced that the March breach of its
<http://www.bankinfosecurity.com/articles.php?art_id=3444> SecurID
multifactor  <http://www.bankinfosecurity.com/category.php?catID=206>
authentication tokens was linked to subsequent breaches at
<http://www.bankinfosecurity.com/articles.php?art_id=3688> Lockheed Martin
Corp. and L-3 Communications Holdings Inc.

 

-Al Mac-

- Allowing one's computer to be unprotected, while connected to the
internet, can be compared to owning a handgun and putting it out on your
doorstep every night, in case a passing robber might be in need of one.
Unfortunately millions of people are doing exactly that, while thousands of
them do so through networks of companies and government agencies that they
manage.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Learn encryption strategies that manage risk and shore up compliance.
Download Article 1 of CREDANT Technologies' The Essentials Series:
Endpoint Data Encryption That Actually Works
http://credant.com/campaigns/realtime2/gap-LP1/