Slashdot Mirror

← Back to Stories (view on slashdot.org)

Citi Bank Reveals Attack... One Month Late

Posted by CmdrTaco on from the yeah-sorry-about-that dept.

An anonymous reader writes "Is account security a thing of the past? Quote: 'We're talking a fairly serious hack, too. The personal and account information of some 200,000 Citibank card holders in North America was breached, reports Reuters, including contact specifics like names and email addresses. The solitary bit of good news? Citibank claims far more sensitive info like social security numbers, birth dates, card expiry dates and CVV card security codes was not compromised.'"

9 of 111 comments (clear)

  1. How do they know?? by jmd_akbar · · Score: 5, Interesting
    that

    social security numbers, birth dates, card expiry dates and CVV card security codes was not compromised.'"

    --
    Nothing here... So... SHOOO!!!
  2. What "wasn't" compromised... by Ferzerp · · Score: 4, Insightful

    That's because they're going to wait a few weeks and admit that everything really was.

    It should be criminal to employ this tactic, but we see it again and again. These companies have a responsibility to be good stewards of the information we have granted them. When they hide these breaches, they are not acting in good faith.

  3. paying by cellphone is coming by circletimessquare · · Score: 4, Informative

    and if google wallet and its competitors are smart, they'll start with better security from the ground up, and use that as a selling point. consumer awareness of credit card insecurity is high

    replacing all our credit cards with our cell phones is a natural evolution, regardless. but at this stage, in the beginning of the evolution, now is the time to address security robustly, before weaknesses get baked in

    and for the lunatic paranoid fringe who thinks their own democratically elected government is an evil alien entity out to butt rape you: i said replace CREDIT CARDS, not replace cash

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  4. Great big huge fines ... by gstoddart · · Score: 4, Insightful

    Companies really need to start getting slapped with very large fines for stuff like this.

    Being incompetent to actually protect the data of your clients doesn't mean you simply get to say "oops" and act like nothing happened.

    Someone needs to start holding these companies accountable for stuff like this. You're a bank (albeit a sketchy, annoying one who keeps sending me offers for cards and a bunch of other crap I don't want) ... you're supposed to have a legal obligation to protect this information.

    From the annoying telemarketing and other crap they send me in the mail, I already can't stand Citibank. An inability to actually protect data is just further proof of why I'd never actually deal with Citibank. They just don't give off the feel of actually being a reputable organization to me.

    --
    Lost at C:>. Found at C.
  5. If they don't take this seriously by rebelwarlock · · Score: 5, Insightful

    Don't take them seriously. Find a real bank to do business with.

  6. Every Time I See "Citi Bank"... by Greyfox · · Score: 5, Funny
    I hear the "City Wok" guy from South Park screaming "Shitty Bank!"

    Welcome to Shitty Bank! You want shitty bank account? How about shitty credit card? I can get you a shitty mortgage!

    Oh god damn it! How come every time a hard working Chinese man starts a bank, some JAPANESE DOG open one right next door?!

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

  7. Were they PCI compliant? by hawguy · · Score: 4, Interesting

    Did the systems that had the data stolen meet PCI compliance guidelines? If not, can I levy non-compliance fines on the bank for not following their own standards for protection of cardholder data?

  8. The way Google could do it by RobertLTux · · Score: 4, Interesting

    find a good sized but stressed bank and then just go ahead and BUY IT.

    advantages for Google
    1 no need to burn time/money on building the "stuff" needed for a bank
    2 instant access to millions of new customers (have as part of the deal that the bank hosts email on google servers)
    3 this would be a real established bank

    advantages for the Bank
    1 tens of millions new customers (they would logically be the default bank for GWallet)
    2 point and click dibs on the GProfiles of everybody with a Google Account
    3 "native" access to the google server farm network

    --
    Any person using FTFY or editing my postings agrees to a US$50.00 charge
  9. Personal Experience by Lucidus · · Score: 4, Interesting

    My sister was affected by this a few weeks ago, and I wondered that there was nothing on the news about it at the time.

    She got a call saying that her account might have been compromised, and that a new card was on the way. Early on the day after she received the replacement card, and before she had even activated it, there was another call telling her that the new account number had already been used to make several purchases.

    Clearly this was a serious breach that continued over at least several days, and was not the fault of a merchant, as they tried to claim.