Citi Bike Data Breach – Is Your Private Information “Secure”?

Posted by Albert Sica on Jul 31, 2013 2:45:51 PM

Think about how many times in the past year you have entered private information onto a website’s “secure” system; your name, credit card information, date of birth, social security number, billing address, mailing address, and/or security questions and answers and that’s how many times you were exposed to identity theft.   Each bit of information you provide online can be used by hackers to steal your identity. A cyber security breach is one of the most dangerous and harmful risks for any company regardless of the size or industry.  As highlighted throughout our Cyber Risk blog series, it is nearly impossible to be 100% protected from cyber criminals.  While having the appropriate insurance coverage is critical, there are other ways to mitigate this risk.  It is just as vital for company leadership to take a strategic view of the risks resulting from a data breach (e.g. reputational, supply chain, etc.)

A large, publicly traded corporation such as Citi has an immeasurable amount of resources they could dedicate to protecting the identity and information of their customers.   However, nearly six weeks prior to the start of operations for the bike-sharing program, Citi Bike was faced with a data breach that affected over 1,150 members. Although Citi has spent over $40Million in the past six years to be the lead sponsor in the bike-sharing program, Alta Bicycle Share is the system operator and it was a local subsidiary, NYC Bike Share LLC, which announced there was “brief accessibility” starting on April 15th due to an “error log” on the system’s website. Despite the spokespeople’s effort of trying to perform damage control and maybe not make the breach seem so bad, the problem was discovered on April 15th and not corrected until the end of May!... That doesn’t seem “brief” when considering the accessibility of private information that could damage individual’s credit, the reputation of the company and more.

While it is unknown what fines Citi Bike will face, under New York City law they are liable for no more than $400 per person for the breach of data or $469,600.  Fallout from a cyber-breach, if uninsured, can easily reach seven figures and could destroy a stable growing business.  The reputational damage alone associated with such breach can significantly impact the future of any company.  Implement best practices that, while will not completely prevent cyber breach, will, at the very least, minimize your risk.  Make sure you have the appropriate coverage in the event breach happens.

If you would like to discuss your organization’s current exposures and find out if you have proper coverage, please feel free to contact me at 732.395.4251 or

Topics: Breach of Security, Cyber Risk, Cyber Security, Enterprise Risk Management, ERM, Reputational Risk, Risk Management Blog, Social Media Risk, Strategic Risk Management, Total Cost of Risk, Total Cost of Risk (TCoR), Travel Risk

The ALS Group

Risk Management Blog

We manage more than a quarter billion dollars of premiums for a diverse range of clients around the globe. 

Our areas of expertise include:

  • Enterprise Risk Management (ERM)
  • Cyber Security & Cyber Liability Insurance
  • Construction Management
  • Customized Risk Management Assessments (RMAs)

Subscribe to Email Updates

Recent Posts

Posts by Topic

see all