Deck 13: Managing Technology and Innovation

Did Citigroup act quickly enough to inform customers of potential vulnerabilities to customers' funds and identities, or should the bank have waited, as it did, until the internal investigation was completed?

The hackers attacked the bank C's customer accounts and obtained access to the information regarding customers' such as names, account numbers and e-mail addresses. However, they failed to acquire Social Security numbers, birth dates, expiration dates or card security codes. Thus, according to the bank officials, the information disclosed was not sufficient to execute serious frauds.
The company officials responded to hack attack discovery promptly. It was important for the bank to investigate the breach internally first on the discovery of the hack attack. It would help it to provide verified information to the customers in order to calm their fears. This was all the more important for the customers whose information had not been compromised in the breach.
Thus, the bank was right to wait until the internal investigation was in process. In addition, the bank should have acted quickly to notify at least those customers whose funds and identi ties were expected to be threatened in the breach.

If you were a credit card customer, would you feel secure that banks, such as Citi, are adequately protecting your personal information and guarding against criminals accessing your money or stealing your identity?

Banks and other financial institutions usually develop and maintain an effective data security program. It is attached to the complexity of its operations.
All such institution must recognize and evaluate risks to its customer data. Further, it must create a plan to eliminate the risks and take appropriate step to secure the data of the customers.
It is not just bank's responsibility to maintain the confidentiality of customers' data. A customer is equally responsible in securing his/her personal information. The credit card holders shall review their monthly statement to keep check of unfamiliar charge. Customers shall not reply to any email requesting "verification" of their account.
Frauds and breach can occur with anyone, at any point in time. However, with cautious and continuous efforts on the part of both, the financial institution and the customers, such frauds can be avoided.

What role should government play in protecting individuals against hackers acquiring sensitive personal information, or should this remain the responsibility of the companys storing the information?

It should be the combine efforts of the government and the businesses to protect customers from hacking and safeguard their personal information.
The government should regulate hacking by implementing security information standards. The businesses, on the other hand, must abide by security guidelines issued by the government.
The Security Guidelines generally establish standards that relate to administrative, technical, and physical safeguards of the information or data. This ensures the security, confidentiality, integrity as well as the proper distribution of customer information. The guidelines list the obligations of the businesses to protect customer's data.

Are hacking incidents simply a way of life in the information age or should our sensitive, personal information be better protected?