Reuters reports:
After a massive data breach last month, Citigroup did not offer its hacked clients the same degree of identity-theft protection that many other companies provide, drawing criticism from privacy advocates.
Citigroup, which had over 360,000 credit card accounts exposed last month, sent letters to affected customers this month with advice on protecting themselves against identity theft.
But unlike other large U.S. companies breached by cybercriminals, Citigroup did not offer to buy or give all affected customers a year of preventive credit file monitoring services, according to a sample of a letter the bank sent to many customers and filed with regulators in Maine.
Read more on Smart Business.
So let’s review: they don’t publicly disclose the breach until confronted by Financial Times and then they don’t make what has pretty much become a pro forma offer of free credit monitoring services? Did they miss the memo on public relations or is this just a company in serious need of an attitude correction?
Well…not to defend a ginormous corporation, but if all that was exposed was credit card information, why would identity theft monitoring be necessary? All you do is cancel the card and you’re set, right?
Now, if SSNs had been stolen, I’d be the first to grab my pitchfork and burning torch.
Right, but from a PR standpoint, I think their responses have been a disaster. If you’re telling your customers to remain alert for the next 12-24 mos., you should be offering them something to help them or to repay them for the extra work they now incur because of the security problem on your side. Even if they said, “Look, it makes no sense to offer credit monitoring to you because…. but to apologize for the inconvenience you’ve experienced, we’re waiving your annual card fee at its next renewal” – that might cost them more than credit monitoring, but it might assuage annoyed customers.