Citigroup: ACH or a different kind of federal bailout?

I find it hard to believe that Citigroup's media relations department would so adamantly deny the occurrence of a breach if it wasn't being completely genuine.

Because that is what they have done today in light of a report in The Wall Street Journal that the partially government-owned financial services firm was the victim of a hack that stole tens of millions of dollars.

When I read this story, there wasn't much meat, and I was pretty skeptical. I got even more skeptical when the FBI wouldn't comment on the story at all — not even to say that it was investigating.

So I did some searching around the blogosphere and saw that many others were equally suspicious of the story.

And then I remembered a story we wrote not too long ago, when the FBI said it was actively investigating a huge number of Automated Clearing House (ACH) fraud cases in which cybercriminals got a hold of mostly small- and mid-size corporate bank accounts to transfer large sums of money out. Attempted losses, the FBI said, have reached more than a $100 million.

This type of fraud, made possible by the data-stealing Zeus, or Zbot trojan, is arguably the biggest information security news story of the year.

So here's the FBI saying Citi, one of the world's biggest banks, has lost tens of millions of dollars due to a breach.

Well, I wouldn't call ACH a breach — it's more of an issue of a customer getting hacked than any bank — but I could see how something like this could get lost in translation.

So there you have it. This is nothing new.

Call it a scoop that wasn't.

Problem solved.

Then again, maybe this was, in fact, a well-orchestrated Russian Business Network hack, and nobody is talking because the presidential administration wants to protect one of the financial services industry's most prized assets from any additional pounding.

Can you say data breach bailout?

Happy Holidays everyone.