Citi Hackers Got Away With $2.7 Million 126
angry tapir writes "Citigroup suffered about US$2.7 million in losses after hackers found a way to steal credit card numbers from its website and post fraudulent charges. Citi acknowledged the breach earlier this month, saying hackers had accessed more than 360,000 Citi credit card accounts of U.S. customers. The hackers didn't get into Citi's main credit card processing system, but were reportedly able to obtain the numbers, along with the customers' names and contact information, by logging into the Citi Account Online website and guessing account numbers."
Amateur (Score:4, Informative)
Let's not forget that the account numbers were passed with no security in the URL. I think I'll be canceling my Citi card (when I pay it off...).
Re:Amateur (Score:5, Informative)
Credit Unions are non-profit organizations, with totally different goals. It is possible, and not uncommon, to have smaller credit unions that are just a few dozen to a few hundred people.
They are much, much more transparent than banks and frequently totally transparent in both their books and operations.
For example, I found that my place of work has a credit union. Its sole purpose is basically to make affordable car loans to employees. There is no online banking, no ATMs, and just one office open 3 hours a day, 4 days a week. Almost no one has a "checking" account there, because they offer only the barest minimum of service.
What they do offer is savings accounts and auto loans and very reasonable rates. No, they don't offer mortgages.
They're chartered, insured and totally transparent to members -- 95% of which see each other on an almost daily basis.
Re:PCI compliant? (Score:5, Informative)
Re:Amateur (Score:4, Informative)