More than 200,000 Citigroup bank accounts were hacked in last month, according to just-released data from the company, and federal regulations could tighten because of the security breach.
Details of the hack remain scarce. The bank says hackers probably accessed names, card numbers, addresses and e-mail information. Social Security numbers remain safe, as does other personal information, so it’s possible the thieves have little power with their current info.
Citi says it started alerting victims Thursday to replace their stolen cards, even though the breach occurred in early May. It’s unknown why they waited so long to begin the notification process.
“I have no idea why Citigroup waited. I cannot say for certain, but I would assume the company is attempting to figure out how the breach happened,” Jaime Peters, Citi analyst for Morningstar, told the E-Commerce Times.
Citi said it was indeed investigating the matter and figuring out how to prevent hacks in the future. It claimed to be implementing enhanced procedures to prevent a recurrence of the event.
As of yet, no incidents of fraud have been reported.
Citigroup did not respond to the E-Commerce Times’ request for further comment as of press time.
The attack is certainly not the first bank data breach in recent history, although it is one of the more large-scale attacks. Most recently, other large companies such as Sony and Google have endured cyberattacks on their systems.
Federal regulators are concerned about the future of online crime in a world where more and more consumers store their personal data in the cloud. They say without enforcing enhanced regulations, consumers will be setting themselves up for identity theft, online scams and fraud.
“By their nature, financial institutions are particularly attractive as targets for fraud and illegal Internet crimes. The FDIC continually monitors vulnerabilities as they evolve to prevent and deal with these risks and their impact on institutions and their customers. Both banks and regulators must remain vigilant,” said FDIC Chairperson Sheila C. Bair.
Part of that vigilance may include tighter regulation in the future.
“There are some inter-agency guidelines that are being developed that will come out in the near future,” Dean Debuck, press spokesperson for the Office of the Comptroller of the Currency, the federal arm that regulates Citigroup, told the E-Commerce Times.
Those regulations, Debuck said, will be geared toward banks and deal with authentication and related issues.
He did not comment on whether or not Citigroup will face investigation after the current leak.
Business as Usual?
Analysts say the breach is unlikely to have much of an overall effect on Citigroup business. Like companies that have endured hacks in the past, customers are concerned but oftentimes not enough to pull out on a large scale.
“I actually doubt there is too much of a business-related impact from it. Some more IT spending, but other than that, they may lose some customers over this, but I do not expect to see any mass exodus,” said Jaime Peters.