The past few months have been a slap to the face to many large businesses. In the news, we have been following Sony’s big breach (with several smaller ones following), Michaels debit terminal debacle, and now we can confirm that Citigroup has had a significant breach.
From initial reports, it sounds like Citigroup discovered unusual access to it data and re-issued 10’s of thousands of credit cards to its customers. “During routine monitoring, we recently discovered unauthorized access to Citi’s Account Online,” Citigroup said in a statement.
What is particularly disturbing about this breach is that it comes after the Sony breach which also consisted of a successful attack against a web portal. In light of the issue acknowledged by RSA, a security token manufacturer who had crucial data stolen rendering several of its key fobs useless, and the breach of Sony, every major company who has a web site should be penetration testing their environment monthly (at a minimum). Attacks are focusing again on big businesses, and websites are available 24X7X365. Remember, to keep someone out, you must be successful everytime. To break in, a hacker has to be successful only once.
This is an alarming trend for 2011 and we are only 1/2 way through.