BreachExchange mailing list archives
Re: [Update]: Citi Hackers Made $2.7 Million
From: Jeffrey Walton <noloader () gmail com>
Date: Sat, 25 Jun 2011 15:27:32 -0400
On Sat, Jun 25, 2011 at 3:05 PM, Jeffrey Walton <noloader () gmail com> wrote:
http://www.pcworld.com/businesscenter/article/231182/citi_hackers_made_27_million.html

Citigroup suffered about US$2.7 million in losses after hackers found a way to steal credit card numbers from its website and post fraudulent charges. Citi acknowledged the breach earlier this month, saying hackers had accessed more than 360,000 Citi credit card accounts of U.S. customers. The hackers didn't get into Citi's main credit card processing system, but were reportedly able to obtain the numbers, along with the customers' names and contact information, by logging into the Citi Account Online website and guessing account numbers.

Hmmm..... 2.7 million stolen because the hackers were able to guess account numbers. The terms "application security" and "egregious security related defect in the system" come to mind. I think the legal term is "grossly negligent".

I think this is the score card to date:

* Hackers abscond with $2.7 million
* Citigroup passes loss onto shareholders (risk is democratized)
* Citigroup rewards its executives for a job well done via bonuses (reward is privatized)
* Citigroup directs affected individuals to FTC for Identity Theft Awareness
* Citigroup advises affected individuals to monitor their credit well-being

So, the hackers have won, the Citigroup executives have won, the shareholders have lost, and the affected individuals have lost.

This really begs two questions: why are shareholders and individuals bearing the burden of Citigroup's incompetence?