New York Citigroup’s disclosure that the names, account numbers and email addresses of 200,000 of its credit card customers were stolen strikes at the core of modern-day financial life — the ways people buy groceries and pay the power bill.
It’s only the latest major data breach. In just the past three months, hackers have penetrated 100 million Sony PlayStation accounts, the networks of Lockheed Martin and the customer email databases of a company that does marketing for Best Buy and Target.
But half of all Americans, 154 million people, have a credit card. The Citi attack is a reminder that the technology used to protect their information was built by humans, security analyst Jacob Jegher notes — and it can be breached by humans, too.
“People rely on the safety net of a bank to take care of their information,” says Jegher, a senior analyst at Celent, a research firm that focuses on information technology in the financial industry. “Unfortunately, that net has a lot of holes.”
Citi says all of the customers whose information was stolen will receive a notification letter, and most of them will get a new card, although it has declined to say exactly how many. The bank says its enforcement division and authorities are investigating.
The victims will have to endure the hassle of updating the credit card numbers on any number of online accounts, but they probably won’t lose any money. For one thing, federal laws protect credit card customers from fraud beyond $50, and in most cases the bank that issues the card will cover up to that amount.
And the Citi hackers didn’t get to the three-digit numbers that appear on the backs of credit cards, a security feature known as the CVV code.