Citibank followup #2
For the latest followup to this story from late Friday/early Saturday morning, I wanted to note that I did hear back, via email and telephone, from Citibank’s information security group on Sunday. They were very courteous about the situation and wanted to do everything they could to see what the problem was with coComment tracking some of their online messaging. They did offer to speak with John, my colleague, as well (through me, however), but he has not received any direct, official communication from Citibank after his multiple messages through their online system or two telephone calls to their IT or security groups.
Additionally, while coComment (or someone related them) removed the posts shortly after John and I posted about this late Friday night, no one has responded to my request for comment, and Citibank’s security group was looking into who at coComment they could speak with, but I had not heard that they had been successful as of mid-afternoon on Sunday.
In any case, I don’t want to lay blame here officially one group or the other, as it appears there’s some things that Citi’s site could be doing better, from an outsider’s perspective, and I’m guessing there are things that coComment is doing that they might not have originally intended. At the same time, as Chris Thilk and I are speaking this morning (we do talk on the phone, by the way), we both are very surprised that no word has come down from Citi’s PR department or agency, based on the fact that this was indexed more than two days ago as far as Technorati and whatnot. The other great point that Chris makes is that “how are they not reaching out to John directly?” That’s something I’m surprised about, too, considering John blogged it himself and also did directly reach out to his bank - which he is a customer at, not me.
[update 11:45am Eastern] Upon attempting to loop in Ruder Finn, who we’re believing is the agency that would handle this specific piece of business, I’ve failed at the main email address for the firm, found here, on the firm’s contact page. So if you’re looking to email Ruder Finn at the “rfnewyork@ruderfinn.com” email address, don’t bother. There’s “no such user.”
