The Financial Times of London reported last night that Citigroup had been hacked, and that an unknown number of credit card accounts compromised. The FT says the number could reach into the hundreds of thousands.

The FT article says Citigroup discovered the breach in early May through routine monitoring of banking activity but the bank did not publicly disclose the breach until the FT started to make inquiries.

The story in the FT states that:

"The breach occurred at Citi Account Online, which holds basic customer information such as names, account numbers and email addresses. Other information such as birth dates, social security numbers and card security codes are held elsewhere and were not compromised, Citi said."

Citigroup says that it has contacted law enforcement, but it refuses to give additional details about the hack other than to say that about 1% of its credit card holders were affected. The bank, the FT says, has 21 million customers in North America.

Citigroup also told the FT that only credit card accounts have been compromised, but the FT reports that Citigroup debit cards might also have been compromised.

For a major bank to be breached is, as one security analyst put it, a "very big deal."

For the breach not to be reported until a newspaper comes calling is probably going to turn it into an even bigger deal.

What is intriguing is that an article in Tuesday's New York Times says that Citigroup is among the companies that is going to replace its SecurID tokens after the hack at RSA.

So, is this hack a result of the SecurID breach, and is that why the bank is being so mum about it? If so, this could make it a tremendously huge deal, especially for RSA.

At the very least, this latest breach will provide further ammunition to those in the US Senate trying to make public companies disclose security breaches, which many never mention. It would also give additional ammunition to Senator Patrick Leahy who has introduced once more a bill that would make the "intentional or willful" nondisclosure of a data breach a federal crime.

That is looking more and more like a good idea.

PHOTO: iStockphoto

The Conversation (0)

The Cellular Industry’s Clash Over the Movement to Remake Networks

The wireless industry is divided on Open RAN’s goal to make network components interoperable

13 min read
Photo: George Frey/AFP/Getty Images
DarkBlue2

We've all been told that 5G wireless is going to deliver amazing capabilities and services. But it won't come cheap. When all is said and done, 5G will cost almost US $1 trillion to deploy over the next half decade. That enormous expense will be borne mostly by network operators, companies like AT&T, China Mobile, Deutsche Telekom, Vodafone, and dozens more around the world that provide cellular service to their customers. Facing such an immense cost, these operators asked a very reasonable question: How can we make this cheaper and more flexible?

Their answer: Make it possible to mix and match network components from different companies, with the goal of fostering more competition and driving down prices. At the same time, they sparked a schism within the industry over how wireless networks should be built. Their opponents—and sometimes begrudging partners—are the handful of telecom-equipment vendors capable of providing the hardware the network operators have been buying and deploying for years.

Keep Reading ↓ Show less