The latest big business security breach affected Citigroup and about 1% of the company’s credit card customers. Hackers were able to access the customer database, finding customers’ names, credit card numbers, and email addresses free for the taking. The hackers were not able to gain access to other personal information, like Social Security numbers, card verification numbers, or birth dates. The company has started contacting affected customers.
It’s unlikely that customers whose numbers and names are significantly more susceptible to identity theft as a result of this breach, because Citi kept the more sensitive information secure. It may still be a god idea to change your password if you have online access to a Citi credit card. In cases like these, there is little that customers can do to avoid being included in a data breach short of opting out of the finance industry overall. If you never sign up for a credit card, you prevent hackers from stealing your information. Once you’re in “the system,” you have to rely on banks to protect your information appropriately.
As a result of this breach and the continual development of technology, financial institutions may soon find new regulations that require even stricter security for online access. Some financial institutions now offer options for their customers to authenticate via a SecurID — technology that uses wireless networks to provide a unique code over the air that must be verified before you can access your account. In my role at my former job, I accessed banking institutions on behalf of the company, and every bank required a different wireless device. This could be where the consumer market is heading — and if it is, it’s going to make even more sense to simplify your finances.
Additional information: According to the Wall Street Journal, Citigroup waited up to three weeks after the incident before notifying customers. The delay was due to an investigation into the issue.
Update: Of the 360,000 accounts breached, only 3,400 accounts were subject to fraudulent charges by the hackers. Customers are not responsible for fraudulent charges, though the total loss on Citi’s side due to the fraud is $2.7 million.
Yahoo Finance / AP, CNN Money
Updated December 22, 2011 and originally published June 27, 2011.