As technology becomes more and more integrated into the business world, it is extremely import for companies to keep a close watch on their customers’ data. This includes high-tech security systems and an IT team with full knowledge of how to keep up with any holes or breaches. However, hackers are becoming better, faster and smarter and even the toughest security system can experience privacy issues. One example of a company that recently dealt with a large hack is Citi Bank, a well-known credit card company.
According to an article from Wired Online Magazine, on May 10 of 2011 hackers acquired personal information from about 360,000 Citigroup customers. The breach revealed customer names, account numbers and contact information, but hackers were not able to obtain Social Security Numbers, birthdays, expiration dates, or security cards. Only credit cards were affected. The company’s network was penetrated by a technique called parameter tampering. This technique attacks vulnerabilities in company websites by typing various strings of data into the address bar of a browser. This was repeated thousands and thousands of time to eventually access the data.
Citigroup discovered the breach during a routine security check and was able to replace customer credit cards within three weeks of the incident. The cost to replace each credit card was $20, resulting in over $700,000 in damage. Citigroup’s team worked quickly and diligently to recover their customers’ damage and improve their security systems. Fortunately, this impact was not as harmful to customers as it potentially could have been. The fact that the hackers were not able to obtain Social Security Numbers or more credit card information is a key factor. Citigroup (and all credit card companies) advise their users to keep a close track on financial statements and reset unique passwords and security codes just to be safe.
This event happened as a result of a combination of loose security and persistent hacking maneuvers. As described before, the information was obtained by going through the company’s website, even though Citigroup does its best to stay on top of customer security.
I believe this event served as a huge awakening for Citigroup and other credit card companies. As technology use increases, ethical standards are put more and more at risk. It is important for any company with a data system (especially with personal customer information) to remain on top of system security at all times. Mobility and speed of technology forces companies to keep the tightest security if they’d like to keep customer business and trust.
Source:
Citi Credit Card Hack Bigger Than Originally Disclosed by Kim Zetter
Wired Online Magazine. June 16, 2011.
http://www.wired.com/threatlevel/2011/06/citibank-hacked/
sammdolan 