Slashdot Mirror

← Back to Stories (view on slashdot.org)

Citi Bank Reveals Attack... One Month Late

Posted by CmdrTaco on from the yeah-sorry-about-that dept.

An anonymous reader writes "Is account security a thing of the past? Quote: 'We're talking a fairly serious hack, too. The personal and account information of some 200,000 Citibank card holders in North America was breached, reports Reuters, including contact specifics like names and email addresses. The solitary bit of good news? Citibank claims far more sensitive info like social security numbers, birth dates, card expiry dates and CVV card security codes was not compromised.'"

12 of 111 comments (clear)

  1. How do they know?? by jmd_akbar · · Score: 5, Interesting
    that

    social security numbers, birth dates, card expiry dates and CVV card security codes was not compromised.'"

    --
    Nothing here... So... SHOOO!!!
    1. Re:How do they know?? by Anonymous Coward · · Score: 3

      The article is very light on details but it could be an online profile system rather than the actual credit system of record. There would be an internal token that would associate one with the other, but no direct way to connect between those systems. It's definitely possible to build a system that is segregated in such a manner, and such an architecture is recommended (and to some extent dictated) by many of the financial security rules.

      Or they could be lying.

  2. What "wasn't" compromised... by Ferzerp · · Score: 4, Insightful

    That's because they're going to wait a few weeks and admit that everything really was.

    It should be criminal to employ this tactic, but we see it again and again. These companies have a responsibility to be good stewards of the information we have granted them. When they hide these breaches, they are not acting in good faith.

  3. paying by cellphone is coming by circletimessquare · · Score: 4, Informative

    and if google wallet and its competitors are smart, they'll start with better security from the ground up, and use that as a selling point. consumer awareness of credit card insecurity is high

    replacing all our credit cards with our cell phones is a natural evolution, regardless. but at this stage, in the beginning of the evolution, now is the time to address security robustly, before weaknesses get baked in

    and for the lunatic paranoid fringe who thinks their own democratically elected government is an evil alien entity out to butt rape you: i said replace CREDIT CARDS, not replace cash

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
    1. Re:paying by cellphone is coming by dkleinsc · · Score: 3, Insightful

      Actually, the basic problem with the security of payment systems is that there's money involved. If there's money involved, there will be fraud and theft.

      There was fraud when the standard money was gold or silver coin (as minters would substitute in other metals). There's fraud with cash by counterfeiters today. There's fraud with checks. There's fraud at ATMs. There's fraud with credit cards and electronic check payments. There's rampant fraud with PayPal.

      So there's no reason to think that cell phone payments (which wouldn't even be available to large segments of the world population) would be immune to fraud.

      --
      I am officially gone from /. Long live http://www.soylentnews.com/
  4. Great big huge fines ... by gstoddart · · Score: 4, Insightful

    Companies really need to start getting slapped with very large fines for stuff like this.

    Being incompetent to actually protect the data of your clients doesn't mean you simply get to say "oops" and act like nothing happened.

    Someone needs to start holding these companies accountable for stuff like this. You're a bank (albeit a sketchy, annoying one who keeps sending me offers for cards and a bunch of other crap I don't want) ... you're supposed to have a legal obligation to protect this information.

    From the annoying telemarketing and other crap they send me in the mail, I already can't stand Citibank. An inability to actually protect data is just further proof of why I'd never actually deal with Citibank. They just don't give off the feel of actually being a reputable organization to me.

    --
    Lost at C:>. Found at C.
  5. If they don't take this seriously by rebelwarlock · · Score: 5, Insightful

    Don't take them seriously. Find a real bank to do business with.

  6. Every Time I See "Citi Bank"... by Greyfox · · Score: 5, Funny
    I hear the "City Wok" guy from South Park screaming "Shitty Bank!"

    Welcome to Shitty Bank! You want shitty bank account? How about shitty credit card? I can get you a shitty mortgage!

    Oh god damn it! How come every time a hard working Chinese man starts a bank, some JAPANESE DOG open one right next door?!

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

  7. Were they PCI compliant? by hawguy · · Score: 4, Interesting

    Did the systems that had the data stolen meet PCI compliance guidelines? If not, can I levy non-compliance fines on the bank for not following their own standards for protection of cardholder data?

  8. The way Google could do it by RobertLTux · · Score: 4, Interesting

    find a good sized but stressed bank and then just go ahead and BUY IT.

    advantages for Google
    1 no need to burn time/money on building the "stuff" needed for a bank
    2 instant access to millions of new customers (have as part of the deal that the bank hosts email on google servers)
    3 this would be a real established bank

    advantages for the Bank
    1 tens of millions new customers (they would logically be the default bank for GWallet)
    2 point and click dibs on the GProfiles of everybody with a Google Account
    3 "native" access to the google server farm network

    --
    Any person using FTFY or editing my postings agrees to a US$50.00 charge
  9. Personal Experience by Lucidus · · Score: 4, Interesting

    My sister was affected by this a few weeks ago, and I wondered that there was nothing on the news about it at the time.

    She got a call saying that her account might have been compromised, and that a new card was on the way. Early on the day after she received the replacement card, and before she had even activated it, there was another call telling her that the new account number had already been used to make several purchases.

    Clearly this was a serious breach that continued over at least several days, and was not the fault of a merchant, as they tried to claim.

  10. subject by Legion303 · · Score: 3, Interesting

    "Is account security a thing of the past?"

    Well, back in the early 90s, Citibank sent a bunch of 3.5" floppies to our school for students to use. Those floppies all had account information and spreadsheets on them. My job was to format them for use by the kids. Since I didn't relish the thought of formatting 50 of these fuckers on one computer, I just brought in a box of blank disks of my own the next day and kept the ShitiBank ones, formatting them for my own use as needed. Shiti is extremely lucky I had no plans to use the information for personal gain, but really, they had absolutely zero way to verify where those disks ended up.

    So to answer your question, I don't think account security has ever realistically been on Citibank's mind.