Recently, Citigroup announced that hackers had breached its security and gained access to the data of more than 200,000 of its credit-card customers in North America. The bank said that while information concerning customers’ names, credit-card numbers, addresses, and email addresses was obtained by the hackers, data such as Social Security numbers, date of birth, card expiration date, and card security codes were not compromised, making it less likely, claimed the bank and security experts, that the exposed customers would become victims of fraud. That may be of little assurance, however, to those customers affected by the Citibank breach or the millions of Americans whose private information has been stolen in recent years. Initial news accounts of the breach reported that the hackers gained access to the records by first logging on to the Citigroup customer website. Nelson D. Schwartz & Eric Dash, “Thieves Found Citigroup Site an Easy Entry,” N.Y. Times, June 13, 2011, at A1.
Reports have indicated that in 2010, approximately 3.8 million records containing personal information were compromised and that more than a third of those records were from banks and other financial institutions. Id. Many victims of database breaches are pointing fingers at the entities that hold their personal information, complaining that too little is being done to safeguard that information from theft.