Citi notifies 3.9 million customers of lost data
Computer tapes with personal information lost in transit
MSNBC staff and news service reports
Updated: 6:54 p.m. ET June 6, 2005
NEW YORK - CitiFinancial, the consumer finance division of Citigroup Inc., said Monday it has begun notifying some 3.9 million U.S. customers that computer tapes containing their personal data had been lost.
New York-based Citigroup said the tapes were in a box shipped in May via UPS Inc. from a Citigroup facility in Weehawken, N.J. to an Experian credit bureau facility in Allen, Texas. Data on the tapes included account information, payment histories and Social Security numbers.
The data involved only information on consumers who had taken out loans with Citibank, such as personal loans or debt consolidation loans, according to the firm. Savings and checking account customers were not impacted, the firm said.
Most of the impacted consumers are current Citibank loan customers, but about 55,000 of the records on the tape involved consumers with closed accounts, a Citibank spokesman said. The firm said customers of its CitiFinancial Auto, CitiFinancial Mortgage or other Citigroup businesses were not impacted.
In a statement, Citigroup said that CitiFinancial “had no reason to believe that this information has been used inappropriately, nor has it received any reports of unauthorized activity.”
Norman Black, a spokesman for Atlanta-based UPS, confirmed that the tapes were missing.
“Despite an exhaustive search for this package, we’ve been unable to find it,” Black said.
Citigroup's announcement came just as the nation's top security experts gathered in Washington D.C. for an annual conference sponsored by research firm Gartner. Experts expressed surprise and dismay at the news.
"This is really inexcusable," said Gartner analyst Avivah Litan. "This is security 101. This shows just how out of control all this data is."
Account information is sent regularly by financial institutions to credit bureaus to keep consumer credit reports up to date. In the past, all firms sent such tapes to the credit bureaus, though now many firms send the information electronically. In an Internet-based seminar last month, Experian, the credit bureau to which the lost data was headed, specifically recommends electronic delivery.
Debby Hopkins, chief operations and technology officer for Citigroup, said that the tapes were produced “in a sophisticated mainframe data center environment” and would be difficult to decode without the right equipment and special software.
Hopkins said that most Citigroup units send data electronically in encrypted form and that CitiFinancial data will be sent that way starting in July.
Tumbleweed Communications Corp. performs such encrypted data transmissions for eight of the top 10 financial institutions, including Wells Fargo and Bank of America, according to CEO Jeff Smith. He said the CitiFinancial incident points out a bit of any irony — in this case, transmission over the Internet is more secure than old-fashioned means. Citigroup is not a customer, he said.
"If you send it encrypted directly, we're going to pull people and third parties out of the process. When you do that, you are less susceptible to fraud," Smith said. "It's also a lot cheaper than UPS."
As you know from previous posts, I'm a frequent eBay buyer. Out of all of the items I've bought through eBay (118 to be exact) I've only had one item get lost in transit. The seller shipped it by UPS, and we had a tracking number, but it never made it to Louisville. From my years in customer service, and my stint in the traffic department, I know firsthand that some packages get lost. Just like how clothes or books or cd's or tools get lost at home -- some things just get lost and there's no explanation for it.
I'm sure that Fed Ex and the USPS are smirking over this, but they shouldn't gloat too much; pride cometh before the fall. We've had letters and even a few checks get lost in the mail over the past few years, even so much that we won't mail anything from the mailbox at home just as a precaution. I guess it's just a natural fact that things are going to get lost in transit. But it's usually a piece of mail or something we've ordered from a catalog or shipped to a family member - you really don't hear too much about computer tapes containing personal information about 4 million people being lost.
It sucks that it happened, and I'm sure UPS will get a lot of flack over the lost box, and will probably lose some customers, but once again we can put some of the blame on the media feeding frenzy about the lost box of tapes. You didn't see the story of my lost package of Livestrong bracelets on CNN Headline News.
3 comments:
I do business with another bank in which a similar security fraud occurred because of a few bad employees. The bank personnel seemed on top of the situation and with the unimaginable amount of data that is transferred daily, this will probably become the norm. It is easy to contact one of the credit bureaus either online or by telephone and request a 90 day fraud alert. The recipient credit bureau will automatically notify the other two credit bureaus. I think that identity theft insurance and credit monitoring services will become a viable and much resource in the near future as we will probably hear more of security breaches of personal information. Love your column.
AAA members get a discount with ID Theft Assist, a company that helps out when there is an identity theft. it's quite affordable and as Michael said, it's becoming more and more of a reality. Check it out.
NO AND I CAN ASSURE YOU THAT YOUR JUNK DIDN'T GIVE AWAY IMPORTANT INFORMATION LIKE THIS DID AND TO TELL YOU THE TRUTH SIR THAT IMPORTANT INFORMATION SHOULD HAD NEVER BEEN SHIPPED BY A THIRD PARTY IT SHOULD HAD WENT DIRECT FROM CITIFINANCIAL TO THE CREDIT BUREAU WITHOUT ANY STOPS IN BETWEEN AND AS FAR AS UPS IS CONCERN THERE IS SOMETHING FISHY HERE AS IT IS MY UNDERSTANDING THAT UPS HAS THE PEOPLE AT EVERY STORE TO SIGN A CODED MACHINE FOR EVERY PACKAGE THAT IS LEFT AT THEIR PLACE OF BUSINESS AND THAT PACKAGE IS ALSO CODED AND INFORAMTION PLACED IN THAT SIGNED MACHINE WERE THE PERSON SIGNED IT AT THEIR PLACE OF BUSINESS NOW YOU TELL ME WHY THIS PACKAGE CAN NOT BE SEARCHED AND FOUND SOMETHING PRETTY FISHY HERE SIR. THERE IS MORE HERE THAN MEETS THE EYE..... S T A Y T U N E FOR MORE
MIKE
Post a Comment