Poor security – Citigroup, 2013
The personal information of 150,000 Citigroup clients who filed for bankruptcy between 2007 and 2011 was exposed after Citigroup failed to properly redact court records prior to storing them on the Public Access to Court Electronic Records (PACER) system.
Citigroup claims that the mishap occurred due to a limitation in the software that the company used to redact personal information. Since Citigroup refused to divulge what software led to the breach, it is impossible for the public to know how the attack was conducted.
Following the incident, the company was quick to upgrade its computer software and re-train its employees on enhanced redaction policies and procedures in order to avoid similar attacks in the future.
Expert insight: Software updates are vital to maintaining computer security because they patch security vulnerabilities, fix program bugs and provide program enhancements. Computer software that is not updated presents a higher risk of being infected with malware and being exploited by other malicious attacks. Organizations must be proactive in order to ensure that security technologies and procedures are up to date and employees are properly trained on security procedures.
It only takes one mistake or oversight to open a company’s network to risk. Contact us to learn how our Enterprise Security Assessment (ESA) can help identify and prevent security risks.