Have you heard of the recent issue at Citi (Citigroup Inc)? This is huge. Citi, based in New York, is one of the biggest banks across the globe. It is dealing with a data breach that came through one of its vendors. As someone who looks at technology and finance, this definitely concerned me, and I thought it would be worth explaining the event and the importance of it.
The Incident
On November 12, the vendor SitusAMC was hacked. This vendor handles mortgage data for huge banks, including Citi. Sensitive information related to home loans may have been accessed by the hackers.
Scary, right? Imagine your mortgage information or personal financial information ended up in the wrong hands.
Why it Matters to Citi
Third-Party Risk
Citi uses vendors to run parts of its business. If a vendor gets hacked, Citi is still affected through vendor-related risk, even if its own systems are clear.
Customer Data Compromise
The breached data will likely include personal data, mortgage agreements, and legal agreements. If that data is exposed, it could be harmful to customers and the bank's reputation.
Compliance and Reputation Risk
Banks like Citi are subject to laws and rules on protecting customer data, and a breach carries legal ramifications as well as reputation risk for the bank. Trust is everything in banking.
Possible Citi Actions
- Engage security and law enforcement to investigate the breach.
- Audit vendors to tighten security measures.
- Consider performing more functions in-house instead of outsourcing.
My Thoughts
This breach highlights how a financial institution can be compromised by its vendors. Outsourcing services is very convenient, but it may lead to significant risk. I always think your systems are only as strong as your weakest link — this time that weak link was a vendor.
If I were in a position to advise Citi, I would say something like the following: "Yes, continue to use vendors, but treat them like they are a part of your company. Carefully monitor vendors, and just assume there is risk."