coComment responsds to Citibank security issue

A few minutes ago, I received a response from coComment regarding the ongoing issue with that service indexing submissions to Citibank’s online form when logged into the bank’s systems. Check out what they had to say here, where they are pointing out that you can blacklist any site from storing your information, should you notice this sort of thing being feasible. In this case, the only reason that John had this happen was that he missed unchecking the box to log his note to Citibank, so it was more luck than anything that got us here (though some might disagree).

Again, I’m not going to specifically point fingers one way or another here, but while I am surprised that coComment software had logged this, I think I’m *more* surprised that it was allowed to log it in the first place. Because, as they say, “this shouldn’t happen and site security policy should prevent it.” More on that later. In the meantime, Citi’s security team has been great going back and forth, and we’re working on finding the right person within that company’s internal PR team to hear what they have to say about it.