Citigroup hack puts thousands of US customers at risk

Multinational financial conglomerate Citigroup has become the latest high-profile organisation to suffer a hacking attack, after it was revealed that thousands of customers in the US may have had their Citi online accounts compromised.
Widespread reports suggest that the attack happened in May, but that the banking group deliberately kept it from the media.
Around one per cent of Citigroup's US customers are thought to have been affected, which could still run into the hundreds of thousands.
Names, account numbers and email addresses are among the details thought to have been compromised. Other information, such as birth dates, social security numbers and card security codes, were not exposed, according to the Financial Times, which broke the story.
Law enforcement officials have been contacted, and fraud detection measures tightened, according to the report.
"We are contacting customers whose information was impacted. Citi has implemented enhanced procedures to prevent a recurrence of this type of event," the firm said in an emailed statement to Reuters.
Citigroup added that it was not disclosing further details for security reasons.
Ron Gula, chief executive of network security firm Tenable, argued that IT teams and those in the boardroom need to take a more proactive approach to security.
"Moving forward, the IT network management environment is only going to become more complex and challenging, both internally and externally - so system administrators must ensure they have a holistic view of their networks and can see what's happening, at every moment, to make sure they're not the next company to leak their customer's details," he said.
Richard Bentley, vice president for capital markets at Progress Software, argued that firms need to handle such incidents better.
"It should be the responsibility of the company to inform its customers in real-time of any incidents of this nature and provide reassurance that it has been dealt with," he said.

"Worryingly, what we are seeing is a lack of company responsiveness, a breach of a different kind that can be addressed instantly in the form of responsible customer service and engagement."
The Citigroup revelations come with Sony still reeling from numerous attacks on its systems which have revealed key weaknesses, such as storing usernames in plain text.
The hack on RSA Security also appears to have led to separate follow-on attacks on customers of its two-factor authentication tokens such as Lockheed Martin.