Citi Bank Reveals Attack... One Month Late 111
An anonymous reader writes "Is account security a thing of the past? Quote: 'We're talking a fairly serious hack, too. The personal and account information of some 200,000 Citibank card holders in North America was breached, reports Reuters, including contact specifics like names and email addresses. The solitary bit of good news? Citibank claims far more sensitive info like social security numbers, birth dates, card expiry dates and CVV card security codes was not compromised.'"
How do they know?? (Score:5, Interesting)
social security numbers, birth dates, card expiry dates and CVV card security codes was not compromised.'"
Were they PCI compliant? (Score:5, Interesting)
Did the systems that had the data stolen meet PCI compliance guidelines? If not, can I levy non-compliance fines on the bank for not following their own standards for protection of cardholder data?
The way Google could do it (Score:5, Interesting)
find a good sized but stressed bank and then just go ahead and BUY IT.
advantages for Google
1 no need to burn time/money on building the "stuff" needed for a bank
2 instant access to millions of new customers (have as part of the deal that the bank hosts email on google servers)
3 this would be a real established bank
advantages for the Bank
1 tens of millions new customers (they would logically be the default bank for GWallet)
2 point and click dibs on the GProfiles of everybody with a Google Account
3 "native" access to the google server farm network
Personal Experience (Score:5, Interesting)
My sister was affected by this a few weeks ago, and I wondered that there was nothing on the news about it at the time.
She got a call saying that her account might have been compromised, and that a new card was on the way. Early on the day after she received the replacement card, and before she had even activated it, there was another call telling her that the new account number had already been used to make several purchases.
Clearly this was a serious breach that continued over at least several days, and was not the fault of a merchant, as they tried to claim.
subject (Score:4, Interesting)
"Is account security a thing of the past?"
Well, back in the early 90s, Citibank sent a bunch of 3.5" floppies to our school for students to use. Those floppies all had account information and spreadsheets on them. My job was to format them for use by the kids. Since I didn't relish the thought of formatting 50 of these fuckers on one computer, I just brought in a box of blank disks of my own the next day and kept the ShitiBank ones, formatting them for my own use as needed. Shiti is extremely lucky I had no plans to use the information for personal gain, but really, they had absolutely zero way to verify where those disks ended up.
So to answer your question, I don't think account security has ever realistically been on Citibank's mind.