Citigroup acknowledged on June 9, 2011, that unidentified hackers had breached its security and gained access to the data of hundreds of thousands of its credit card customers in North America. The bank said about 1 percent of its North American credit card holders had been affected, putting the total count of customers exposed in the hundreds of thousands, based on its 2010 annual report, which reported 21 million credit card customers in North America. While information concerning customers’ names, credit card numbers, addresses and e-mail addresses was exposed, the bank said that data like the “Social Security number, date of birth, card expiration date and card security code were not compromised.” Feel better?!?!?! Probably not!
Citi is notifying cardholders who have been affected via mail, as well as via their online accounts. Most customers will also receive a replacement card, the company said. This incident is on the heels of two very high profile hackings – Sony and RSA Security. Sony reported a series of assaults on its PlayStation network and several Sony Web sites – some claim as many as 18 break-ins so far. However, in what was likely the most disconcerting heist, was the penetration of the security system of RSA, maker of the popular SecurID.
RSA Security Firm Offers to Replace Tokens After Attack
The week began with RSA Security offering to replace its SecurID tokens for most of its 40 million users as it tries to regain customer confidence after prominent hacking attacks. The offer made in a letter posted on the company’s Web site attempted to reassure customers that all was well. It is common practice for most large companies and government agencies to supply these electronic tokens to employees who need to VPN (Virtual Private Network) into computer networks from remote locations. The tokens generate random numbers for use in remote log-ins.
Earlier last week, Lockheed Martin, the nation’s largest military contractor, confirmed that hackers had breached its network in May, partly by using data stolen from RSA in a separate hacking attack in March. Lockheed’s was the first intrusion that was known to result from the hacking at RSA, a division of the EMC Corporation. RSA said in March that the hackers had stolen data that could compromise a company’s SecurID system in a broader attack.
If all of these reported hackings and intrusions have not made you revisit your IT security efforts, then nothing will! Get your team together and start thinking, planning and plotting! Time is of the essence!