Citigroup took too long to notify customers, says senator

Citigroup discovered on May 10 that hackers had gained access to its credit card customers' accounts, but it did not begin sending notification letters to customers until June 3 and did not post an official statement about the breach on its website until June 15.

Menendez chastised Citigroup for the delay and noted that his chief of staff had his Citi credit card account compromised, but only found out when he tried to use the card and it was declined. He called Citigroup and found out his account had been hacked, according to a report on the hearing by IDG News.

The senator then asked one of the hearing participants, Leigh Williams, president of the BITS division of the Financial Services Roundtable, whether he thought a month was an “appropriate time frame” for banks to notify customers of breaches.

"I think that as soon as an institution understands what has occurred, they have an obligation to notify their regulators, under regulatory rules, and they have a fiduciary and a business responsibility to notify customers if there's any way those customers can begin to take action to protect themselves", Williams was quoted by IDG News as saying.

Sen. Menendez said he introduced legislation, the Cybersecurity Enhancement Act, that would provide additional money for cybersecurity research and development.

Sen. Patrick Leahy (D-Vt.), chairman of the Senate Judiciary Committee, recently introduced a bill, the Personal Data Privacy and Security Act, that would impose criminal penalties on corporate directors who fail to notify customers of cybersecurity breaches of personal information.

The bill would also establish a national standard for data breach notification, and require US businesses that collect and store consumers’ sensitive personal information to safeguard that information from cyber threats.

Leahy has also introduced a bill that would update the Electronic Communications Privacy Act by improving privacy protections for consumers' electronic communications and clarifying legal standards for the government to obtain this information.
