The account details for nearly 200,000 Citigroup customers – or close to 1% of the bank’s total client base – in North America were exposed in the latest cyber attack.
During a routine check, Citigroup realized that hackers were able to access the bank’s online account services and view customer account numbers, names and contact details (email, etc). While hackers were able to see pertinent information, they were unable to access birth dates, social security numbers, card security codes or card expiry dates.
According to its 2010 annual report, Citi has over 21 million credit card customers in North America, but the bank didn’t say how many accounts were compromised. Due to security measures, the American bank would not disclose many details of the data breach; however, Sean Kevelighan, spokesperson for Citi’s North American Consumer Banking Division told the Associated Press that it had contacted customers and put procedures in place to prevent a recurrence.
100 Million Accounts Exposed in Sony Attack
Citigroup is not a lone target. In April, Sony confirmed that over 100 million accounts worldwide had fallen victim to one of the biggest data breaches in history. Personal data, including birth dates and names as well as some credit card information, may have been stolen from the Sony PlayStation Network. Alan Paller, Director of Research for the SANS Institute, described the attack to CBC News as one of the “top five ever.”
The PlayStation Network is the hub for over 70% of PlayStation 3 video game consoles that allows users to chat, play games online, surf the web and download content.
1 Million Accounts Hit at Sony Pictures
The security breach at PlayStation, which temporarily forced the site to shutdown, was soon followed up by a second attack on Sony Pictures. Using what they deemed a basic technique, hackers bypassed security by a method that experts say could have been prevented, compromising over 1 million accounts.
The hackers, who refer to themselves as Lulz Security (a reference to the term “laugh out loud”), mocked Sony in a press release, saying “SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING.”
The hackers told victims to blame Sony: “Why do you put such faith in a company that allows itself to become open to these simple attacks?”
Classified Canadian Government Data Stolen
Government is not exempt from the target list, and in January of this year, hackers attacked the computer systems of two of Canada’s federal departments, stealing classified information by finding a path into the federal network and conning staff into providing passwords. CBC News reported the attack in February, but Prime Minister Stephen Harper said the government had a strategy to protect computer networks, admitting cyber security is “a growing issue of importance.”
Reinforcing Security
Overall, there is no way to prevent a cyber attack, but when trouble arises experts say that disconnecting computers from the Internet and hiring professionals to track missing data are important steps. Also, installing software that monitors “data leaving the system through strange routes” as well as implementing "whitelist" software are other recommended ways to help minimize risk.
Key Players – Global IT Security Market
- Check Point Software Technologies, Juniper Networks, Cisco Systems, Symantec Corporation, SonicWALL, Websense, McAfee, BitDefender, Norton, Barracuda
