Citi data theft points up a nagging problem

Even more striking is that similar data breaches have been occurring for years and the financial industry has failed to prevent them.

Details remain scarce,but the disclosure of the Citigroup breach on Thursday quickly turned into a debate on whether the banks and major credit card companies had invested enough money to safeguard the personal information of their customers.

Theyre not at all on top of it, said Avivah Litan,a financial security analyst at Gartner Inc. Its almost shocking.

In Washington,the finger-pointing has already begun. Sheila C Bair,the chairwoman of the Federal Deposit Insurance Corporation,said on Thursday that she planned to call on some banks to strengthen their authentication procedures when customers log onto online accounts.

Thats on top of new data security rules that federal regulators are completing.

Lawmakers,meanwhile,said they were outraged that Citigroup waited since early May to notify its customers; some are preparing legislation.

Representative James R Langevin,a Rhode Island Democrat,said he was shocked and disappointed to learn of Citis delayed disclosure.

Consumers,meanwhile,are feeling increasingly vulnerable amid recent reports of data breaches at big companies,such as Lockheed Martin,Epsilon and Sony. On Thursday,Citigroup began notifying about half of the 200,000 affected customers that it planned to replace their credit cards after it discovered last month that hackers had gained access to its computer systems.

On Thursday,Citigroup began notifying about half of the 200,000 affected customers that it planned to replace their credit cards after it discovered last month that hackers had gained access to its computer systems. The bank said that the thieves obtained customer names,card numbers,addresses,and e-mail details.