T恶意软件专家蒂姆•阿姆斯特朗接受《网络安全日报》（Security News Daily）采访时称，深层次原因在于“许多大型跨国公司的安全意识松懈”，“对于目的明确的团体或个人，一些公司的（安全屏障）已变得微不足道。”
花旗沿袭了目前此类事件常见的处理模式，没有在事件发生的第一时间或是随后的几周发布任何警告。这一模式令人忧虑。事实上，如果不是《金融时报》(Financial Times) 上周三晚间曝出这则消息，迫使其不得不表态，花旗可能会继续保持沉默。花旗向媒体发布了一份声明，但截至上周四下午，花旗集团网站，包括其新闻稿一栏，都没有明确提及黑客入侵事件。
无独有偶，今年4月份PlayStation网络遭到入侵后，索尼(Sony)也决定延迟一周后再通知客户；据报道此次入侵是“黑客行动主义者”组织Anonymous所为。3月份，黑客入侵威胁到客户洛克希德-马丁航空航天公司(Lockheed Martin)的信息安全。事件曝光后，EMC信息安全部RSA Security上周早些时候提出为数百万用户更换新的ID安全令牌。
立法委员们对此深感忧虑。美国参议员帕特里克•利奇(民主党人-佛蒙特州)本周提出了《个人数据隐私和安全法案》(Personal Data Privacy and Security Act)。根据该法案，企业掩盖数据被盗事件将构成犯罪。该法案同时将建立一个全国统一的黑客事件报告标准，取代目前各州各行其道的做法。
PlayStation入侵案曝光之后，LulzSec宣称对数宗针对索尼系统的黑客入侵事件负责。其中最近的一起发生在上周四早间，据报道LulzSec宣称从Sony Developer Network窃取了54兆的源代码以及Sony BMG的内部网络图。这些数据发布在BT跟踪服务器网站Pirate Bay上。
Given the number of recent, high-profile network security breaches, it might be tempting to call 2011 the Year of the Hack. The danger is that there's a good chance 2012 might be even worse.
The underlying reason for this is the "lax security posture of many large-scale global companies," the malware expert Tim Armstrong told Security News Daily. It has, he added, "now become almost trivial for a motivated group or individual to find a way in."
The latest known hack, which occurred more than a month ago, was announced this morning: Citigroup (C) said information for about 210,000 customers, or 1% of its credit-card holders in North America, was stolen. The information included card numbers and contact information including email addresses. The bank said other data, such as Social Security numbers, birth date, expiration dates and card verification numbers were not compromised.
In what is becoming a disturbingly familiar pattern, Citi decided not to issue any warnings about the breach when it occurred, or for several weeks following. In fact, it might still be mum if the Financial Times had not broken the story late last night, prompting Citi to confirm it. The company issued a statement to the media, but as of Thursday afternoon, there is no obvious mention on Citigroup's website of the attack, including on its press-release page.
Likewise, Sony (SNY) decided to wait a week to inform its customers in April when its PlayStation Network was breached, reportedly by the "hacktivist" group Anonymous. Earlier this week, RSA Security, a division of EMC (EMC), offered to replace millions of customer secure ID tokens after it became known that a hack into its system back in March exposed its customer, Lockheed Martin (LMT), to a security breach.
Lawmakers are becoming frustrated. U.S. Sen. Patrick Leahy (D-Vt.) this week introduced the Personal Data Privacy and Security Act, which would make it a crime for companies to conceal data breaches, and would create a national standard for reporting hacks, replacing the many disparate state laws now in place.
It's hard to cite any particular reason why there have been so many high-profile hacks recently. Partly, it could be that in the endless cat-and-mouse game between hackers and security teams, the hackers have jumped ahead.
But it's also no doubt partly trendmongering. The Citi hackers are apparently pure criminals, motivated by financial gain. Many of the other recent hacks are so-called "grey-hat" attacks. That is, they're done for publicity, for thrills, just to show off, or to reveal how bad an organization's computer security is. Often they're ostensibly done in support of a cause, as when LulzSec claimed it hacked PBS's Web servers to protest Frontline's coverage of the Bradley Manning/Wikileaks case. That group is apparently responsible for several other recent hacks as well, including on Fox News and Sony.
LulzSec has claimed credit for several hacks on Sony's systems in the wake of the PlayStation breach. The latest came just this morning, when the group reportedly claimed to have lifted 54 megabytes of source code from the Sony Developer Network, along with maps of Sony BMG's internal network. The data was posted to Pirate Bay, the Bittorrent tracker site.
The PlayStation hack likely motivated the subsequent attacks – the company's systems clearly are woefully insecure, making them a tempting target.
Whatever the motivations though, it seems clear that organizations including private companies and governments going to have to invest more in security, and they're going to have to start being more forthcoming when their systems are breached.