
Citigroup Breach Raises Disclosure Questions

Story updated with a statement from Rep. Langevin.

NEW YORK (TheStreet) -- Citigroup (C) customers' personal information and account numbers were exposed to hackers for several weeks, and industry experts are questioning why the bank waited until today to reveal the breach.

Michael Dunne, a partner at Day Pitney, says that banks do not have a specific time frame when they need to notify customers of a security failure, although they are required to do so by law at some point.

"Each financial institution is supposed to notify customers of a data breach promptly, but there may be reasons for a delay," Dunne says. "One reason is they may have coordination with law enforcement. But generally you release a notice to customers right away, like the day after."

"I think regulators really need to step it up. All companies have to disclose when their data is breached, but banks seem to be an exception to the rule," said Gartner Research analyst Avivah Litan. "There are no uniform disclosure laws. It is really just a patchwork of state laws and some banks have to report and others do not."

According to an article in the Financial Times, Citi discovered the breach in "early May" during routine monitoring.

A Citigroup spokesperson said that it immediately took a look at how the breach would impact customers and "wanted to validate the situation to figure out the best way to respond to customers" when news of the breach leaked.

How a bank reacts internally to contain any fraud following the discovery of a security failure is also key.

"Financial institutions will always be targeted by hackers, and some of those attacks are going to succeed no matter how much you invest in security measures," says Celent analyst Zilvinas Bareisis. "Financial institutions need to think not only how to prevent attacks, but also take measures to ensure that if the attack is successful, the impact is minimized, for example by segregating information."

The hackers were able to access the information of a small percentage of the bank's 21 million customers in North America, the FT reported.

"During routine monitoring, we recently discovered unauthorized access to Citi's Account Online. A limited number - roughly one percent - of Citi North America bankcard customers' account information (such as name, account number and contact information including email address) was viewed," said a Citigroup spokesperson.

Citigroup said that customers' Social Security numbers, birthdays and card security codes were not exposed in the attack and that it was sending out notices to customers whose security was compromised.

Litan said that this hack was unique in that it is the first time she can think of that a bank was hacked through its website.

"I'm guessing that the hacker got in through an employee email account like Gmail," she said. "I think businesses really have to face a penalty for breaches. Regulators have failed to address this issue."

Rep. Jim Langevin (D-RI), co-founder of the Congressional Cybersecurity Caucus, put out a statement on his website saying that he was "shocked" to learn about the incident and how Citigroup responded.

"Citigroup knew that their customers' data was potentially exposed back in early May, but is only now, a full month later, informing the public about this threat to their personal information," Langevin said. "The government must also work harder to be good stewards of the public's personal data. Many of our federal systems with large amounts of personal data are outdated, with inadequate security practices."

Citigroup's customer data was also exposed in April when Epsilon reported that they had been hacked. Epsilon manages email for banks such as Citigroup, Capital One (COF), JPMorgan (JPM), US Bancorp (USB) and Barclays (BCS).

--Written by Maria Woehr in New York.


