InformationWeek : Security Researcher Says Citibank Took A While To 'C2' Security Flaw. IW chimes in about Citibank's fix for c2it. I love the part where the spokeswoman says she only learned about it Monday. It makes it look like Citibank learned of it on Monday, when it was really just her. They seem to completely ignore the fact that I have been trying (and at least partially succeeding) in contacting them in regards to cross site scripting security flaws in many of their online sites, including c2it, since Sept.