Following a large data attack in May, 2011, Citigroup did not offer the victims of the breach the same level of protection against identity theft as similar companies, leading privacy advocates to issue heavy criticisms.
The breach affected more than 360,000 credit card accounts and Citigroup’s primary action for the victims of the hack was to distribute letters to them with recommendations regarding ways in which they can protect themselves against ID theft.
That said, no offers were made by Citigroup to provide those individuals with a year of free preventative monitoring services for their account(s), though this is common among other large American companies who have experienced cyber-attacks. In fact, according to consumer advocates, offering that service to customers whose data has been accessed by unauthorized third parties has become somewhat of a standard among large organizations.
Consumer Action deputy director of national priorities, Ruth Susswein, stated that “Consumers might want to turn to Citibank and ask them to do more. It’s become pretty commonplace to offer credit monitoring these days.”
Citibank did advise their customers that they can place a fraud alert on their own credit files, which would inform lenders that the customer must be contacted before an account can be created under that individual’s identity. However, the credit monitoring services typically offered by large companies who have been cyber-attacked do much more than that. For example, they track the credit reports of the customer in order to identify indicators of identity theft, as well as providing early warnings of such an event.