Morning Security Brief: Citigroup Hacked, New Facebook Feature Under Fire, Security Woefully Lacking in South African Hospitals
By Carlton Purvis
♦ Citigroup, Inc., released a statement saying sensitive customer information was compromised by a security breach in May, Reuters reports. Hackers accessed the names, account numbers and contact information for 200,000 of its customers. The company did not say how the breach occurred, but says it was discovered through routine monitoring of their online system. "We are contacting customers whose information was impacted. Citi has implemented enhanced procedures to prevent a recurrence of this type of event," Sean Kevelighan, a U.S.-based spokesman told Reuters by e-mail. This hack falls on the heels of several high-profile attacks on major companies by hackers. In April, Sony said the information of more than 70 million customers on the Playstation Network was breached. The Gmail accounts of several senior government officials were hacked in an attack that originated in China Google announced last week.Citigroup faces scrutiny from advocacy groups who say they should have disclosed the breach sooner.
♦ The Electronic Privacy Information Center (EPIC) objects to Facebook's plans to launch a new feature to make tagging photos easier for users by using facial recognition software. "We think the facial recognition feature raises real questions about what sort of data Facebook is collecting from its users and from its users' photographs," John Verdi, senior council at EPIC told the Los Angeles Times on Wednesday.EPIC plans to file a complaint to the Federal Trade Commission. While a user will have the right to opt out, Representative Edward J. Markey, co-Chairman of the Bi-Partisan Congressional Privacy Caucus, said in a statement that "Requiring users to disable this feature after they've already been included by Facebook is no substitute for an opt-in process." ♦ The South African Medical Association is calling on the government to take over security at state hospitals.In a statement issued Thursday morning, SAMA spokesperson Dr. Tende Makofane said private security workers are untrained and lack the technology to maintain adequate security. “We have repeatedly made calls for the Department of Health to install metal detectors at every hospital entrance point so that members of the public do not access hospital property armed with dangerous weapons. But instead, all we have seen in most public hospitals is security guards stopping short of strip-searching health workers as they enter and leave hospital premises, whilst members of the public access hospitals without any scrutiny,” he said. The statement comes after on Tuesday an irate patient stabbed and killed a doctor and injured a security guard at Middelburg Hospital in Mpumalanga. The doctor died later that day. News 24 reported that Hospital officials said that security guards are required to search anyone entering a state facility, however, they aren’t sure how the man was able to bring in a knife. Government officials in Mpumalanga said security at all health facilities would be reviewed. "It is unfortunate that our hospitals have been turned into warzones where people do not feel safe because of government's ill-conceived policy of privatisation and outsourcing," Nehawu spokesman was quoted by News24 as saying.