Jun 09 2011

Citi credit card security breach discovered

Category: Security BreachDISC @ 10:42 am
Citigroup

Image via Wikipedia

“Citigroup says it has discovered a security breach in which a hacker accessed personal information from hundreds of thousands of accounts.

Citigroup said the breach occurred last month and affected about 200,000 customers.”

“During routine monitoring, we recently discovered unauthorized access to Citi’s account online,” said Citigroup, in a prepared statement. “A limited number — roughly 1 percent – of Citi bankcard customers’ accounting information (such as name, account number and contact information including email address) was viewed.”

According to its annual report, Citigroup has about 21 million credit card accounts in North America, where the breach occurred.

The statement went on to say that the customers’ Social Security numbers, dates of birth, card expiration dates and card security codes “were not compromised.”

Well the routine monitoring discovered the Citi Group incident which clearly shows that intrusion was not discovered during the incident but after the incident had happened.
Cyber intrusion cost will increase and depend upon how late the incident was detected. The organizations should change their corporate strategy to more proactive approach where they can maintain, monitor and improve security controls based on the current value of the information asset.

If you’re a Citibank customer, we suggest you take a look at your account and immediately report any irregularities.

Stopping Identity Theft: 10 Easy Steps to Security

http://www.youtube.com/watch?v=KH0zno_6d9M

Tags: Citigroup, Credit card, Customer, Financial Times, Online service provider, PlayStation Network, Security, Social Security number

Dec 22 2009

FBI Probes Hacks at Citibank

Category: Security BreachDISC @ 4:45 pm

NYC - TriBeCa: Smith Barney-Citigroup Building
Image by wallyg via Flickr

The Wall Street Journal

The Federal Bureau of Investigation is probing a computer-security breach targeting Citigroup Inc. that resulted in a theft of tens of millions of dollars by computer hackers who appear linked to a Russian cyber gang, according to government officials.

The attack took aim at Citigroup’s Citibank subsidiary, which includes its North American retail bank and other businesses. It couldn’t be learned whether the thieves gained access to Citibank’s systems directly or through third parties.

The attack underscores the blurring of lines between criminal and national-security threats in cyber space. Hackers also assaulted two other entities, at least one of them a U.S. government agency, said people familiar with the attack on Citibank.

The Citibank attack was detected over the summer, but investigators are looking into the possibility the attack may have occurred months or even a year earlier. The FBI and the National Security Agency, along with the Department of Homeland Security and Citigroup, swapped information to counter the attack, according to a person familiar with the case. Press offices of the federal agencies declined to comment.

Joe Petro, managing director of Citigroup’s Security and Investigative services, said, “We had no breach of the system and there were no losses, no customer losses, no bank losses.” He added later: “Any allegation that the FBI is working a case at Citigroup involving tens of millions of losses is just not true.”

Citigroup is currently 27%-owned by the federal government.

The threat was initially detected by U.S. investigators who saw suspicious traffic coming from Internet addresses that had been used by the Russian Business Network, a Russian gang that has sold hacking tools and software for accessing U.S. government systems. The group went silent two years ago, but security experts say its alumni have re-emerged in smaller attack groups.

Security officials worry that, beyond stealing money, hackers could try to manipulate or destroy data, wreaking havoc on the banking system. When intruders get into one bank, officials say, they may be able to blaze a trail into others.

Continue reading at The Wall Street Journal

Tags: Business, Citibank, Citigroup, FBI, Federal Bureau of Investigation, Federal government of the United States, Government agency, Russian Business Network, United States, United States Department of Homeland Security, Wall Street Journal