
Citi Hackers Got Away With $2.7 Million

angry tapir writes "Citigroup suffered about US$2.7 million in losses after hackers found a way to steal credit card numbers from its website and post fraudulent charges. Citi acknowledged the breach earlier this month, saying hackers had accessed more than 360,000 Citi credit card accounts of U.S. customers. The hackers didn't get into Citi's main credit card processing system, but were reportedly able to obtain the numbers, along with the customers' names and contact information, by logging into the Citi Account Online website and guessing account numbers."

  • Amateur (Score:4, Informative)

    by Anonymous Coward on Sunday June 26, 2011 @10:30AM (#36576098)

    Let's not forget that the account numbers were passed with no security in the URL. I think I'll be canceling my Citi card (when I pay it off...).
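
The summary and the comment above describe a logged-in user reaching other customers' records by changing the account number in the URL; the server-side defense is to authorize that number against the session on every request. The following is an added example, not part of the thread and not Citi's code: the `acct` parameter, the `bank.example` host, the account ids and the lockout threshold are all constructed assumptions.

```python
from dataclasses import dataclass
from urllib.parse import urlparse, parse_qs

# Constructed sample data (not real accounts): records and their owners.
ACCOUNTS = {
    "ACCT-0001": {"owner": "alice", "name": "Alice Example"},
    "ACCT-0002": {"owner": "bob", "name": "Bob Example"},
}
MAX_DENIALS = 3  # assumed threshold: denied lookups before the session locks


@dataclass
class Session:
    user: str          # identity established at login
    denials: int = 0   # lookups for accounts this user does not own
    locked: bool = False


def account_from_url(url):
    """Extract the hypothetical `acct` query parameter from a request URL."""
    return parse_qs(urlparse(url).query).get("acct", [""])[0]


def view_unsafe(session, url):
    """Flawed pattern: being logged in is treated as permission for any id."""
    record = ACCOUNTS.get(account_from_url(url))
    return (200, record) if record else (404, None)


def view_checked(session, url):
    """Authorize the id in the URL against the session on every request."""
    if session.locked:
        return 403, None
    record = ACCOUNTS.get(account_from_url(url))
    if record is None or record["owner"] != session.user:
        session.denials += 1
        if session.denials >= MAX_DENIALS:
            session.locked = True  # repeated misses look like enumeration
        return 404, None  # same answer for "missing" and "not yours"
    return 200, record


if __name__ == "__main__":
    s = Session("alice")
    for acct in ("ACCT-0001", "ACCT-0002", "ACCT-0003", "ACCT-0004", "ACCT-0001"):
        url = f"https://bank.example/summary?acct={acct}"
        print(acct, view_unsafe(s, url)[0], view_checked(s, url)[0])
```

Returning the same 404 for a missing account and for someone else's account keeps the endpoint from confirming which guessed numbers are valid.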

  • Re:Amateur (Score:5, Informative)

    by chill ( 34294 ) on Sunday June 26, 2011 @11:28AM (#36576430) Journal

    Credit Unions are non-profit organizations, with totally different goals. It is possible, and not uncommon, to have smaller credit unions that are just a few dozen to a few hundred people.

    They are much, much more transparent than banks and frequently totally transparent in both their books and operations.

    For example, I found that my place of work has a credit union. Its sole purpose is basically to make affordable car loans to employees. There is no online banking, no ATMs, and just one office open 3 hours a day, 4 days a week. Almost no one has a "checking" account there, because they offer only the barest minimum of service.

    What they do offer is savings accounts and auto loans and very reasonable rates. No, they don't offer mortgages.

    They're chartered, insured and totally transparent to members -- 95% of which see each other on an almost daily basis.

  • Re:PCI compliant? (Score:5, Informative)

    by shoehornjob ( 1632387 ) on Sunday June 26, 2011 @12:41PM (#36576860)
    About 5 years ago I worked for a compliance unit in the brokerage section of Citi. Prior to the creation of this unit, managers in different departments were responsible for making sure their employees were in compliance. When I started there we found that the firewall guys were granting access to whole segments of IP addresses instead of just the 7 or 8 that were needed. We also found the Unix guys were not deleting access to highly sensitive databases after employees left the company. Something tells me that the culture of ignorance in that place isn't going to stop any time soon. About 2 years after our group was formed they sent our jobs over to India. We were only there to develop the process and iron out the kinks. They gave the crew in India a month to learn our process manual and 8-9 months later they still didn't get it. Let's add greed to a culture of incompetence. BTW that's where the name shoehornjob comes from. For a while there the manager would come to us and shoehorn in new processes without review or vetting them.
  • Re:Amateur (Score:4, Informative)

    by unkiereamus ( 1061340 ) on Sunday June 26, 2011 @07:39PM (#36579350)
    A credit union that I used to belong to offers true credit cards: https://www.sccfcu.org/asp/products/product_2_3.asp [sccfcu.org]
