Citigroup hackers made $2.7 million

Discussion in 'User Submitted News' started by Zekrom_cool, Jun 25, 2011.

  1. Zekrom_cool
    OP

    Zekrom_cool I respect faith, but doubt is what gets you an edu

    Member
    915
    24
    Apr 17, 2011
    India
    Heaven [N's Castle]
    -snip-


    Citigroup suffered about $2.7 million in losses after hackers found a way to steal credit card numbers from its website and post fraudulent charges.

    Citi acknowledged the breach earlier this month, saying hackers had accessed more than 360,000 Citi credit card accounts of U.S. customers. The hackers didn't get into Citi's main credit card processing system, but were reportedly able to obtain the numbers, along with the customers' names and contact information, by logging into the Citi Account Online website and guessing account numbers.

    Until now, it wasn't clear how much -- if any -- fraud had occurred as a result of the theft. But Citi confirmed Friday that there were losses of $2.7 million from about 3,400 accounts.

    The bank has said its customers will not be liable for the losses.

    Citi learned about the hack on May 10 and began notifying customers on June 3. The bank said other sensitive data, such as Social Security numbers, birthdates and the cards' CVV (Card Verification Value) security codes used for online transactions, were not taken.

    In addition to the fraud losses, Citigroup will have to pay the cost of notifying customers and reissuing credit card numbers for the 360,000 affected clients. The Ponemon Institute has estimated the average cost of a data breach at $214 per compromised record. By that yardstick, the breach would cost the bank $77 million.



    Source
     
  2. Sicklyboy

    Sicklyboy Resident Mechanical Keyboard Addict

    Global Moderator
    5,712
    4,674
    Jul 15, 2009
    United States
    [̲̅$̲̅(̲̅ ͡° ͜ʖ ͡°̲̅)̲̅$̲̅]
    ahem... stop following suite of Sony.
     
  3. ShadowSoldier

    ShadowSoldier GBAtemp Guru

    Member
    9,383
    3,300
    Oct 8, 2009
    Canada
    Wait.. that's waaaay worse than Sony's notice. And not to mention this hack is worse than Sony's too.

    Well Sony, looks like I should apologize. But I won't because I still hate you and everything you do.

    Anyways, what took so long for Citi to tell people anyways? I mean, if actual money was taken, you'd figure that they would notify people like right away... right? Hell, last year when ATM's here and banks and everything was being hacked, the banks would call you saying some stuff is going on. That's what happened to us. The bank my parents use, as soon as money was being used for suspicious transactions, they called us right away.
     
  4. shadowmanwkp

    shadowmanwkp Your roms are on another rom site

    Member
    486
    33
    Apr 17, 2008
    Netherlands
    Vleuten, The Netherlands
    We're not talking about physical money here, but virtual money. The hackers got away with virtual money and probably transferred the money to another account, but citigroup lost no physical money. This means that no person has lost his or her money (I hope) and thus the news came out a tad late.

    A bank doesn't have all its money at hand, they invest it in new buildings or try to make profit with it. In practice, a bank needs only about 10% of the money their customers to keep them satisfied, because they won't withdrawing everything at once anyways. Therefore they can invest it in other things. There's also the case of money just being made out of nothing: if you borrow money, the bank just "creates" money. They don't have money to give to you, but you don't either (that's the reason why you ask the bank for money), what they do is give you the opportunity to spend the money, but they expect it back within a set time, thus the balance remains equal.

    However, if a bank does this too much, like in the credit crisis, they get problems because they give money to people that can't pay it back. The bank gets more costs and needs the lended money to cover up for the 10% of the customers that withdraw their money daily. If it gets worse, the people will mistrust the bank and about 80% of the people demand their money back, but because a bank only has enough money for 10% of the people, it will go bankrupt.

    tl;dr The money ain't physical, so they can solve it easily. It does get a big problem if people are going to do a run on the bank
     
  5. Foxi4

    Foxi4 On the hunt...

    pip Reporter
    23,537
    21,496
    Sep 13, 2009
    Poland
    Gaming Grotto
    Sony could be slightly "excused" here, they're not a banking group, they don't deal with credit cards non-stop. Citi is a bloody banking group, the hack should've been detected immediatelly. Sony deals in Technology, Citi deals with MONEY. MONEY should probably be their focus here.

    They did not notify the clients simply because they're a big group. Circa 3 mil losses are "f*ck that change, we deal with the big stuff" type of losses - they'll simply put the money back on respective accounts.

    Few IT specialists will loose their comfy seats, but still. They showed a big FU to their clients here.
     
  6. DeMoN

    DeMoN GBAtemp Guru

    Member
    7,651
    102
    May 12, 2004
    United States
    Damn I hope this doesn't happen to Bank of America. I barely have enough money as it is, I don't need hackers stealing it.
     
  7. ShadowSoldier

    ShadowSoldier GBAtemp Guru

    Member
    9,383
    3,300
    Oct 8, 2009
    Canada
    The bank lost money dude. They have to come up with credit cards for everybody now, which isn't exactly cheap.
     
  8. Foxi4

    Foxi4 On the hunt...

    pip Reporter
    23,537
    21,496
    Sep 13, 2009
    Poland
    Gaming Grotto
    I have to agree with Shadow here - the costs will be immense, and that's not only limited to swapping credit cards.

    A) They'll have to return the stolen money, that means that an investigation team will have to look through thousands of account histories to check whether withdrawls were factually made by the card owners or was it somebody else, living miles and miles away.

    B) They'll have to re-program the entire system to patch the hole in it.

    C) They'll have to issue new credit cards to all affected CC users.

    D) They'll have to spend some cash to fix up their PR.

    That's no small talk, the money they'll spend on fixing the issue is nothing compared to the losses they sustained while the hackers stole money. There's no such thing as "non-physical money", the money's always somewhere, and if it's a bag with a hole in it, you're leaking money bro.
     
  9. trumpet-205

    trumpet-205 Embrace the darkness within

    Member
    4,363
    542
    Jan 14, 2009
    United States
    INCORRECT.

    In the case of credit card fraud, credit card company CANCELS the transaction. Meaning any credit merchant earned must be returned to the credit card company. It is the merchant at lost, not the credit card company. It is part of the agreement between merchant and credit card company.

    Although most merchants already signed up for charge back insurances, in that case insurance company will reimbursed any charge back lost back to merchants.

    2.7 millions lost in the news are referring to potential earning from interchange/discount fee (fee merchant agreed to pay to the credit card company for each card transaction) and any applicable fee.

    Citigroup will lose this potential earning and incur any cost of reissuing account numbers. They will not incur other cost, merchants will.
     
  10. SamAsh07

    SamAsh07 GBAtemp Addict

    Member
    2,696
    67
    Jan 27, 2009
    Bosnia and Herzegovina
    Bahrain
    They warned customers like after a month? Nice one.
     
  11. Foxi4

    Foxi4 On the hunt...

    pip Reporter
    23,537
    21,496
    Sep 13, 2009
    Poland
    Gaming Grotto
    That's not an International rule, who's to say the money was stolen IN THE US? It affected US Customers, but you don't know where the withdrawls were made. It could be the other end of the globe, and for all the merchant cares, they can "blow him" in that case.

    In Poland, if a bank looses money due to an incident like this, it just looses money. No returns. Sorry princess, you had shitty AP and that's the price, end of story. Cancelling all those transactions costs our money, not theirs, we don't roll that way.
     
  12. Bladexdsl

    Bladexdsl ZOMG my posts...it's over 9000!!!

    Member
    16,112
    3,785
    Nov 17, 2008
    Australia
    Queensland
    so lulzsec are bank robbers now?
     
  13. ferofax

    ferofax End of the World

    Member
    2,566
    437
    Jan 26, 2009
    Philippines
    ...could be they stumbled onto something they could use for this in their 50-day rampage. who knows?

    but hey, virtual money is just that, virtual money. as far as i'm concerned, if it's not cold hard cash, it might as well be in Gil.