David Enrich of the WSJ reports:
Citigroup Inc. denied a report in The Wall Street Journal that federal authorities are investigating the theft of tens of millions of dollars from customer accounts by hackers, and sought to reassure clients that their funds are safe.
The New York financial company sent employees in U.S. bank branches a memo to help respond to questions. The moves came after The Wall Street Journal reported that the Federal Bureau of Investigation is probing a computer-security breach aimed at accounts of the company’s Citibank unit.
It couldn’t be learned how funds were stolen, whether through Citibank’s systems or by other means. The breach could have involved a contractor that processes transactions for the U.S. financial institution. Investigators suspect that the theft was conducted by a well-known Russian cyber gang.
Read more on The Wall Street Journal (subscription required).
Citi’s press release does not specifically deny that they might have suffered losses due to a contractor or processor breach. It only denies that there was a breach of its system with associated losses. Nor did Citi deny that it had shared information with federal agencies over the summer to counter an attack. If their customers did not suffer large losses on the order of tens of millions of dollars due to any contractor or processor breach, it would be helpful if they said so. As it stands now, the only part of the WSJ story they seem to have directly denied is that there was a security breach of their own system.
Or at least that’s how I read it. How do you read it?
UPDATE: 12-23-09: Now others are confirming Citi’s denial and saying that WSJ got it wrong. See the story here.