Slashdot Mirror


3.9 Million Citigroup Customers' Data Lost

Rick Zeman writes "CNN.com is reporting that United Parcel Service has lost backup tapes containing the identities of 3.9 million Citigroup customers. According to UPS, '... a "small package" containing data storage tapes was lost while being transferred to a credit reporting bureau.' According to Citigroup, they 'included Social Security numbers, names, account history and loan information about retail customers, and former customers, in the United States.'"

4 of 602 comments

  1. As a UPS employee... by ap0 · Score: 4, Informative

    I bet we're going to get bitched at tonight to scan all our packages! I load the semi trucks that haul ground packages across the country and don't think any foul play is involved. There are quite a few things that could have happened to it. It might have even ended up in another customer's package if it's very small. We should have been able to find it, though. It's pretty damn difficult for a package to get lost for more than a couple days in our facilities.

  2. Re:You break it, you buy it. by DJStealth · Score: 4, Informative
    From TFA:
    "We deeply regret this incident, which occurred in spite of the enhanced security procedures we require of our couriers," Kevin Kessinger, executive vice president of Citigroup (Research), said in a statement. "Beginning in July, this data will be sent electronically in encrypted form," said Kessinger, who heads the company's consumer finance business in North America.
    The above quote implies that currently it is not in encrypted form.
  3. They Can Be Fined.. by camusflage · Score: 4, Informative

    Citibank should be able to be fined for sending unencrypted data via UPS because it might cause an accident.

    They can be. GLBA, as it's known in the financial services circles, requires any financial institution to design, implement, and maintain controls to protect customer confidential data, which it appears is what was lost. Whether it's an audit trail for a system running on the network, or encryption when travelling on an unprotected network, GLBA dictates that the highest level of care be used when handling customer data. It is something that we in the banking world take very, VERY seriously.

    If they so chose, the FTC, the OCC, the SEC, the CFTC, or state insurance regulators could fine Citigroup for violations of GLBA.

    --
    The truth about Scientology, Xenu, and you: Operation Clambake
  4. Re:Lecture Time by NetSettler · Score: 4, Informative
    lemme guess: someone's bitter because they signed a contract...

    It never occurs to anyone that the Bank, and not me, might be the one who didn't like their end of the contract...

    I got an adverse credit report and they raised my interest. The nature of the adverse report? I had used my card.

    Yes, they give you cards at a certain interest rate and if you've never seen it happen, you can use them responsibly, make your payments, etc. and still end up with a "too much unsecured credit" marker from the credit agencies because they decide (after issuing the cards, when they realize you're going to use them) that you borrowed too much (i.e., that they offered you more credit than they meant to). They don't frame it (as they should) as "oops, we didn't mean to authorize that card." They think it's my burden to keep track of that, I guess. And I thought it was just my burden to make the payments.

    Have I failed to keep my credit current? Nope. I managed to keep up to date even with the near crippling interest rates. But I did my financial planning based on the smaller interest rate they had originally negotiated with me, not realizing I'd be a bad customer by merely using my cards. I just had some intermediate bloat while I waited to sell my house and needed a large amount of short-term credit to cover some upgrades on the house while it was preparing for sale. I saw my rates jump from single-digits into the 20's.

    Why did they do it? Because their economic models said I was a risk and because they could. But then, with all that personalization (by which they mean a "photo on the card") it never occurred to them to just call me and talk to me about what was going on in my life and to find out why my balance was high. Some personalization.

    First USA (bought by BankOne, then bought by Chase) and MBNA are the absolute worst. Citibank and Sears were intermediately aggressive. They're all suddenly calling me a valued customer and offering me single digit rates again now that my house got sold and I paid some of it back down.

    They spend tons of money trying to detect bad customers. They spend nothing trying to detect good customers. You're right I'm bitter.

    But, just to stay on topic (which your uninformed, ad hominem attack on me was not, IMO), my real point is that the credit card companies behave in a routinely holier-than-thou way about everything they do involving money, while they soak the public for infinite money. Then on top of large profits, they ask a Republican Congress for a change to the bankruptcy bill because they allege they are being soaked by bankruptcies, even though they're seeing huge profits even before the changes. To listen to these megabanks, they are the victims and we the public are the powerful perpetrators. I just don't see it. So I see no reason not to be quite harsh with them when they screw up.

    --

    Kent M Pitman
    Philosopher, Technologist, Writer