Data breaches are expensive for companies – but they can be even worse if they aren’t handled properly after they occur.
Citigroup failed to tell its clients about a recent data breach. The incident happened on May 10th, but the company didn’t tell its customers until June 3rd.
Citigroup suffered a $2.7 million loss after hackers broke into customers’ accounts. The hackers impersonated the holders of over 3,400 credit card accounts by accessing the company’s website, and posted fraudulent charges.
The criminals cleverly moved between different Citigroup customer records by inserting various account numbers into the string of text in the browser’s address bar (the URL).
The hackers’ code repeated this method thousands of times and captured the confidential information of thousands of customers.
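The address-bar method described above only works when the server treats the account number in the URL as proof of ownership. As an added example (not Citigroup's code and not from the original article; every name, account number and log entry here is constructed), this Python code shows the server-side ownership check that refuses such requests and a detector for one session asking for many accounts it does not own:

```python
from collections import defaultdict

# Constructed ownership table: authenticated user -> account numbers they own.
OWNED = {
    "alice": {"1001"},
    "bob": {"1002", "1003"},
}

# Constructed request log: (authenticated user, account number taken from the URL).
REQUESTS = [
    ("alice", "1001"),
    ("bob", "1002"),
    ("alice", "1002"),
    ("alice", "1003"),
    ("alice", "1004"),
    ("bob", "1003"),
]

def authorize(user, account):
    """The URL value is only a request; ownership is decided from server-side state."""
    return account in OWNED.get(user, set())

def serve(user, account):
    """Return an HTTP-style status: 200 only when the session owns the account."""
    return 200 if authorize(user, account) else 403

def flag_enumeration(requests, threshold=3):
    """Flag users who asked for at least `threshold` distinct accounts they do not own."""
    denied = defaultdict(set)
    for user, account in requests:
        if not authorize(user, account):
            denied[user].add(account)
    return {u: sorted(a) for u, a in denied.items() if len(a) >= threshold}

if __name__ == "__main__":
    for user, account in REQUESTS:
        print(user, account, serve(user, account))
    print("flagged:", flag_enumeration(REQUESTS))
```
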
Citi’s delay in disclosing the details of the episode is costing it a fortune. In addition to the $2.7 million stolen from accounts, the Ponemon Institute estimates Citigroup will pay $214 per hacked record. That’s about $77 million altogether for 360,000 affected customers, ComputerWorld reports.
This steep payment will cover the cost of notifying customers of the incident and reissuing credit card numbers to them.
This incident should serve as a reminder for companies that a quick response after a data breach can save a lot of money and trouble — that includes notifying affected customers as soon as possible.