Citigroup says 218,000 affected by hackers

...as large of a corporation that you are how come you didn't already have those "procedures" in place to begin with?

Easy. It would've cut into their profits. The age of protecting your customers and customer support ended back in the 80's. The only thing that these [too large manage] companies understand is money. What they can save by ignoring an issue until they have to address that issue is more profit.

Just makes you feel all warm and fuzzy doesn't it? I swear if it could be done I would like to see every credit card carrying customer just not pay their damn bill for one month, it will make a security breach look like recess at daycare. That would make them sit up and pay attention.

I do not work for Citibank but I do work in IT department for a financial institution...

got a plan for that?

- First of all, a hacker is not going to contact you. All he/she is interested in is stealing your information and selling it to identity thieves. There is NO reason for them to contact you, they already have all of your information.

By the way, as large of a corporation that you are how come you didn't already have those "procedures" in place to begin with?

- How do you protect against a vuneralbility that you do not know is there? Hackers are finding new ways EVERY DAY to attack corporations.

The age of protecting your customers and customer support ended back in the 80's

.
- Bull@!$%#. Large companies can spend 100's of millions to protect customer's data but the number of hackers increase every day and new techniques to subgigate security measures are being developed just as fast.

How distressing that out-sourced workers for citi bank can't maintain security in which all card holders will pay for this breach... sigh

- Citibank has IT operations all over the world (US, India, Germany, Mexico...). Do you have any proof that it was the outsourced team that caused the problem?

The hackers were able to gain access to Citi's Account Online service to view customer names, their account numbers and contact information including email addresses.

They weren't able to gain access to social security numbers, birth dates, card expiry dates or card security codes

PfftWhatever!- First of all, a hacker is not going to contact you. All he/she is interested in is stealing your information and selling it to identity thieves. There is NO reason for them to contact you, they already have all of your information.

According to what is plainly written in this news article, the hackers only accessed names, contact information, account numbers and e-mail addresses. From there its like taking candy from a baby to mock a Citigroup website and e-mail or contact customers to report a security breach and then ask for your SSN to verify your identity. Think it hasn't happened? It has and believe me people are still very vunerable and will not hesitate to give that information out without thinking it through.

PfftWhatever!- How do you protect against a vuneralbility that you do not know is there? Hackers are finding new ways EVERY DAY to attack corporations.

Oh I don't know how about cutting into their insanely obscene profits and putting together an IT Guru Team to work 24/7 to stay one step ahead of the hackers?

Bull@!$%#. Large companies can spend 100's of millions to protect customer's data but the number of hackers increase every day and new techniques to subgigate security measures are being developed just as fast.

I agreed, Bull@!$%# Please enlighten me on what your financial institution actively does to protect their data?

OH PfftWhatever!, Now you've stepped into my area. How long have you been in IT? Have you worked your way up through desktop support, networking, development into a managerial position where you can set policies? I have.

Not only have been in IT since 1978, I also have MS, Novell, Oracle, MSSQL [current] certifications(just to name a few), and even was a Microsoft & Novell certified trainer. As a manager in a software company, you need to be proactive not reactive. I will say (& silghtly sgreed with you) that one can't always predict everything but when's the last time your financial institution had a (software, network) security audit?

Something as simple as protecting a database is quite simple if an organization actually has an SOP for security (changing passwords, difficultly of passwords, firewall & firewall feature sets on routers, DMZ, etc).

And one thing you failed to mention, what is the number one reason that data is compromised? It is internal! Either a disgruntle employee or an untrained employee volunteering information. Shss! I see this all time in the organizations that I go into. From a pissed off employee intentionally hacking a system to an untrained employee giving secured information out thinking the individual they are talking to is a real IT department (basically phone phising) to a dumb user loading the latest & greatest application on the PC (that is full of viruses, bots, adware, etc) because their desktop isn't properly secured.

Here's a a test for you (or anyone else); Next you go to your bank, walk over to one of the individuals that are in the lobby (manager, employees that open & closed accounts) and request specific information about your account. 8 out of 10 times they will type in their username and password into the account/banking software right in front of you. All you need to do is watch the keyboard. I've used this numerous times when having to perform security audits (whitehatter crap).