This account is pending registration confirmation. Please click on the link within the confirmation email previously sent you to complete registration.
Need a new registration confirmation email? Click here
See Cramer's multi-million dollar portfolio for FREE and get his new book Get Rich Carefully! Learn More

Citigroup Breach Raises Disclosure Questions

Story updated with a statement from Rep. Langevin.

NEW YORK (TheStreet) -- Citigroup (C) customers' personal information and account numbers were exposed to hackers for several weeks and industry experts are questioning why the bank waited until today to reveal the breach.

Michael Dunne, a partner at Day Pitney, says that banks do not have a specific time frame when they need to notify customers of a security failure, although they are required to do so by law at some point.

"Each financial institution is supposed to notify customers of a data breach promptly, but there may be reasons for a delay," Dunne says. "One reason is they may have coordination with law enforcement. But generally you release a notice to customers right away, like the day after."

"I think regulators really need to step it up. All companies have to disclose when their data is breached, but banks seem to be an exception to the rule," said Gartner Research analyst Avivah Litan."There are no uniform disclosure laws. It is really just a patchwork of state laws and some banks have to report and others do not."

According to an article in the Financial Times Citi discovered the breach in "early May" during routine monitoring.

A Citigroup spokesperson said that it immediately took a look at how the breach would impact customers and," wanted to validate the situtation to figure out the best way to repond to customers" when news of the breach leaked.

How a bank reacts internally to contain any fraud following the discovery of a security failure is also key.

"Financial institutions will always be targeted by hackers, and some of those attacks are going to succeed no matter how much you invest in security measures," says Celent analyst Zilvinas Bareisis. "Financial institutions need to think not only how to prevent attacks, but also take measures to ensure that if the attack is successful, the impact is minimized, for example by segregating information."

The hackers were able to access information a small percentage of the bank's 21 million customers in North America, the FT reported.

"During routine monitoring, we recently discovered unauthorized access to Citi's Account Online. A limited number - roughly one percent - of Citi North America bankcard customers' account information (such as name, account number and contact information including email address) was viewed," said a Citigroup spokesperson.

Citigroup said that customers social security numbers, birthdays or card security codes were not exposed in the attack and that it was sending out notices to customers whose security was compromised.

Litan said that this hack was unique, in that this is the first time she can think of a bank that was hacked through its website.

"I'm guessing that the hacker got in through an employee email account like Gmail," she said. "I think businesses really have to face a penalty for breaches. Regulators have failed to address this issue."

Rep. Jim Langevin (D-RI), co-founder of the Congressional Cybersecurity Caucus put a statement out on his website, stating that he was, "shocked," to learn about the incident and how Citigroup responded.

"Citigroup knew that their customers' data was potentially exposed back in early May, but is only now, a full month later, informing the public about this threat to their personal information," Langevin said. "The government must also work harder to be good stewards of the public's personal data. Many of our federal systems with large amounts of personal data are outdated, with inadequate security practices."

Citigroup's customer data was also exposed in April when Epsilon reported that they had been hacked. Epsilon manages email for banks such as Citigroup, Capital One (COF), JPMorgan (JPM), US Bancorp (USB) and Barclays (BCS).

--Written by Maria Woehr in New York.



To contact the writer of this article, click here: Maria Woehr.

To follow the writer on Twitter, go to http://twitter.com/newsgirlmw.

To submit a news tip, send an email to: tips@thestreet.com.

Stock quotes in this article: C, JPM, COF, BCS, USB 

Select the service that is right for you!

COMPARE ALL SERVICES
Action Alerts PLUS
Try it NOW

Jim Cramer and Stephanie Link actively manage a real portfolio and reveal their money management tactics while giving advanced notice before every trade.

Product Features:
  • $2.5+ million portfolio
  • Large-cap and dividend focus
  • Intraday trade alerts from Cramer
  • Weekly roundups
TheStreet Quant Ratings
Try it NOW
Only $49.95/yr

Access the tool that DOMINATES the Russell 2000 and the S&P 500.

Product Features:
  • Buy, hold, or sell recommendations for over 4,300 stocks
  • Unlimited research reports on your favorite stocks
  • A custom stock screener
  • Upgrade/downgrade alerts
Stocks Under $10
Try it NOW

David Peltier, uncovers low dollar stocks with extraordinary upside potential that are flying under Wall Street's radar.

Product Features:
  • Model portfolio
  • Stocks trading below $10
  • Intraday trade alerts
  • Weekly roundups
Dividend Stock Advisor
Try it NOW

Jim Cramer's protege, David Peltier, identifies the best of breed dividend stocks that will pay a reliable AND significant income stream.

Product Features:
  • Diversified model portfolio of dividend stocks
  • Alerts when market news affect the portfolio
  • Bi-weekly updates with exact steps to take - BUY, HOLD, SELL
Real Money Pro
Try it NOW

All of Real Money, plus 15 more of Wall Street's sharpest minds delivering actionable trading ideas, a comprehensive look at the market, and fundamental and technical analysis.

Product Features:
  • Real Money + Doug Kass Plus 15 more Wall Street Pros
  • Intraday commentary & news
  • Ultra-actionable trading ideas
Options Profits
Try it NOW

Our options trading pros provide daily market commentary and over 100 monthly option trading ideas and strategies to help you become a well-seasoned trader.

Product Features:
  • 100+ monthly options trading ideas
  • Actionable options commentary & news
  • Real-time trading community
  • Options TV
To begin commenting right away, you can log in below using your Disqus, Facebook, Twitter, OpenID or Yahoo login credentials. Alternatively, you can post a comment as a "guest" just by entering an email address. Your use of the commenting tool is subject to multiple terms of service/use and privacy policies - see here for more details.
DOW 16,408.54 -16.31 -0.10%
S&P 500 1,864.85 +2.54 0.14%
NASDAQ 4,095.5160 +9.2910 0.23%

Brokerage Partners

Rates from Bankrate.com

  • Mortgage
  • Credit Cards
  • Auto
Advertising Partners

Free Newsletters from TheStreet

My Subscriptions:

After the Bell

Before the Bell

Booyah! Newsletter

Midday Bell

TheStreet Top 10 Stories

Winners & Losers

Register for Newsletters
Top Rated Stocks Top Rated Funds Top Rated ETFs