During a Senate Banking, Housing and Urban Affairs Committee hearing, Sen. Robert Menendez (D-N.J.) questioned why Citigroup took nearly a month to report a breach affecting more than 360,000 credit card holders in North America.
Citigroup, which confirmed the breach earlier this month, never notified Menendez’s chief of staff that his account was compromised, the senator said.
In a June 15 letter to the acting head of the Office of the Comptroller of the Currency, Menendez stressed the importance of investigating the Citi breach given the implications it has for the security of the financial industry in general, as well as the company“™s failure to notify customers immediately.
“As you know, over the last six years, there have been 288 publicly disclosed breaches at financial services companies that exposed at least 83 million customer records,” he wrote. “And just this weekend, the International Monetary Fund was hit by cyber hackers. This problem is widespread and must be properly addressed by all parties.“
During this week’s hearing, Menendez called for a national law requiring breached businesses to notify affected customers, as well as for the Senate to pass his Cybersecurity Enhancement Act. Among other things, the act would allocate new money for cybersecurity research and scholarships.