Banks, credit-card issuers warn of email breach

Thanks Citi, you can lower my interest for the breach you f*******.

It wasn't Citi's breach, why should they lower your interest rate?

Edumacated wrote:

It wasn't Citi's breach, why should they lower your interest rate?

Citi contracted with a third party that suffered a security breach....I can see that Citi's negligent actions caused injury to a customer. 2 questions: How serious an injury, and what is the remedy?

these business probably got paid for leaking this info. I wouldn't doubt it. If you have ever had dealing with US Bank or Citicards you would believe anything.

Hal,

You'll have to educate me on exactly HOW Citi was "negligent"?

I know the bank I work for has to send a third party on site, at least yearly, to where our customer's data is processed and do a security review.

If Citi has done the same review, and that third party was doing everything according to state and federal law to protect the data, and Citi validated that, how is Citi at fault?

Considering that my bank also uses this service and we recently did an in depth review of this company and could find no issues with their security, I'm not sure how WE could be at fault.

Mary Allen,

Carefull you don't slide into 'tin foil hat' time here... The rank and file in the spanks spend an extraordinary amount of time focused on data security. Someone at Epsilon might have been paid to breach security, but I seriously doubt anyone at any of the banks got penny.

I'm sure the data review folks at those banks are getting chewed out pretty significantly right now for something that may or may not have been detectable by them.

Looks like Epsilon has one of it's pit bulls out monitoring postings.

Edumacated wrote:

It wasn't Citi's breach, why should they lower your interest rate?

They can lower my interest since 22% is nothing short of highway robbery you twit.

Hal Davis wrote:

<quoted text>
Citi contracted with a third party that suffered a security breach....I can see that Citi's negligent actions caused injury to a customer. 2 questions: How serious an injury, and what is the remedy?

Someone I don't know now has my yahoo email address. How exactly have I been injured?

uugh wrote:

<quoted text>
They can lower my interest since 22% is nothing short of highway robbery you twit.

A twit is someone who borrows money at such high rates.

highland guy wrote:

<quoted text>
A twit is someone who borrows money at such high rates.

And then call someone else a twit...

highland guy wrote:

<quoted text>
A twit is someone who borrows money at such high rates.

Or someone who charges their medical bill.
Or someone who pays their parent's mortgage and property taxes so the banks wouldnt' forclose.
It must be nice to sit in your glass house and presume you know every detail about everyone's lives.
Parasite.

Sir Topham Hatt wrote:

<quoted text>
Someone I don't know now has my yahoo email address. How exactly have I been injured?

A word to the wise ... from pcworld.com ...
"you're in no danger as long as you keep an eye out for e-mail from senders you don't know, and don't send any sensitive information (such as credit card or banking info) to "companies" via e-mail."
http://www.pcworld.com/businesscenter/article...

uugh wrote:

<quoted text>
Or someone who charges their medical bill.
Or someone who pays their parent's mortgage and property taxes so the banks wouldnt' forclose.
It must be nice to sit in your glass house and presume you know every detail about everyone's lives.
Parasite.

You volunteered that information, pal. No one asked. It's interesting that you are upset about your private email information being stolen/hacked through your bank's vendor, yet you freely volunteer all this info on the internet about yourself.

let's recap what we've learned:
owns and uses a credit card with a 22% interest rate.
expensive medical procedure / health problems.
doesn't have medical insurance.
Parents are behind on their mortgage and property taxes.

Anything else you'd like the world to know?

highland guy wrote:

<quoted text>
You volunteered that information, pal. No one asked. It's interesting that you are upset about your private email information being stolen/hacked through your bank's vendor, yet you freely volunteer all this info on the internet about yourself.
let's recap what we've learned:
owns and uses a credit card with a 22% interest rate.
expensive medical procedure / health problems.
doesn't have medical insurance.
Parents are behind on their mortgage and property taxes.
Anything else you'd like the world to know?

Sounds like somebody looking for somebody to sue.

Edumacated wrote:

Hal,
You'll have to educate me on exactly HOW Citi was "negligent"?
I know the bank I work for has to send a third party on site, at least yearly, to where our customer's data is processed and do a security review.
If Citi has done the same review, and that third party was doing everything according to state and federal law to protect the data, and Citi validated that, how is Citi at fault?
Considering that my bank also uses this service and we recently did an in depth review of this company and could find no issues with their security, I'm not sure how WE could be at fault.

Key question:
==If Citi has done the same review, and that third party was doing everything according to state and federal law to protect the data, and Citi validated that, how is Citi at fault?==
Three big ifs, perhaps to be decided by a jury.

This isn't a big deal for me, but MANY people WILL respond to phishing attempts from companies they do business with. Epsilon won't feel any pain, nor will their customers. Those with the most to lose, aside from people who respond to fake emails, are Epsilon's investors.

Epsilon should be fined for the breach. This time it was only emails and names, the next time it could be more.

Many companies REQUIRE you to give your email address and other personally identifiable information - not everyone is smart enough to have "throwaway" ones - when you REQUIRE something it is your responsibility to make sure that you (the corporation) and your contractors protect the information. This is no different than hiring a temp and when data is stolen by that temp claiming that the temp was from a different agency and so you have no culpability.

These companies will have to show they did due diligence in ensure that proper data protection was in place - what types of penetration testing was done? If they did not do it, they should accept responsibility for the breach ALONG with Epsilon. If they did and the breach was solely Epsilon's fault, then Epsilon should be held accountable only.

This is NOT the cost of doing business. That is a cop-out excuse.

uugh wrote:

Thanks Citi, you can lower my interest for the breach you f *******.

You're a dope and it is obvious you get yourself in financial trouble with your stupidity. Epsilon the company is the issue here and tons of companies use this this piece of crap company for their email marketing.