The Wall Street Journal ran a front page story that Citigroup, Inc. had been hacked. Citi responded that there was no breach, then PC World reported that it was an "old breach confused as a new breach." Then the WSJ story was attacked as being inaccurate...In any event, there is a very good reason that U.S. banks have generally been loath to disclose computer attacks. Fear of scaring off customers. It's all about deposits. You get hacked, it's harder to get deposits. Therefore, we will never know the magnitude of losses suffered by financial institutions due to cyber-siphoning. Many say take whatever figure they report and times it by 5. I say times it by 10 and you'd be closer to the real numbers. Either way, we're talking losses of $1B+.
According to the Financial Times Paul Murphy,
"Official statistics in the US suggesting $260m was lost last year in all forms of online crime are a complete joke." It’s a scandal. Why the authorities and the banks allow this cover-up to continue is a mystery.This, from Seeking Alpha:
How Big of a Problem Is Cybertheft from Banks?
The WSJ’s front-page story was clear and unhedged:The Federal Bureau of Investigation is probing a computer-security breach targeting Citigroup Inc. that resulted in a theft of tens of millions of dollars by computer hackers who appear linked to a Russian cyber gang, according to government officials.The fallout, however, is incredibly muddy and opaque.
- Citigroup (C) is strenuously denying that there was any breach at all, let alone any losses; it also said in the original story that the WSJ’s smoking gun — the disappearance of $1 million from a Citibank bank account in Mt Vernon, NY — was “an isolated incident of fraud”.
- PCWorld says that the story is wrong:
- ABC has weighed in too, deciding that Citigroup and the WSJ are both wrong, and that “the truth here is somewhere in the middle”, whatever that’s supposed to mean.
- The Financial Times Paul Murphy has an interesting theory: Citigroup, like every major bank in the Western world, is covering up the fact that online fraud — both sophisticated and unsophisticated — is running at epidemic levels. But it can’t be seen to be singled out as an institution with weak controls, where the public at large might be fearful of depositing their money. So it goes on the denial warpath.
