3.9 Million Citigroup Customers' Data Lost

Rick Zeman writes "CNN.com is reporting that United Parcel Service has lost backup tapes containing the identies of 3.9 million Citigroup customers. According to UPS, '... a "small package" containing data storage tapes was lost while being transferred to a credit reporting bureau.' According to Citigroup, they 'included Social Security numbers, names, account history and loan information about retail customers, and former customers, in the United States.'"

And what did the UPS guy say?

[Kaisum]

"oops"

How often does this happen now?

[ZephyrXero]

A week hasn't gone by this year that some major data warehouse hasn't been "broken into". When are these people going to start taking our privacy and their security a little more seriously...

Unacceptable

[Adrilla]

These companies are treating this information far too trivially. Laws need to be passed that will make this type of carelessness illegal and/or compensate these customers for losing their info. I think the lack of trust from customers would be incentive enough, but obviously it isn't, so more needs to be done to prevent these fiascos. And on another note, why aren't more consumers, in this day of rampant identity theft, completely outraged by these events. What is this the fourth incident in the past few months (and I'm probably lowballing the number)? This is simply unacceptable.

They changed their slogan:

[game+kid]

UPS: What can BROWN lose for you?

Gives new meaning to their slogan

[gooman]

What can Brown do for You?

remember folks

[Anonymouse+Cownerd]

just because you didnt hear about things like this in the past doesnt mean they didnt happen.

is it hot in here?

[qda]

seems the brown has hit the fan

Sensitive Data via UPS?

[Lithium_Golem]

I used to work for UPS customer service. I'd say at least .1% of all packages either get damaged or lost during shipping. Shipping packages of low value is no big deal, your losses over time will be minimal. Shipping packages of high value, however, will result in considerably larger losses over time. DO NOT SHIP YOUR HIGH VALUE GOODS VIA UPS/FEDEX/DHL/ETC. I cannot stress that enough. Hire a private courier. Hire someone in your company. Drive it yourself. Find someone with better than a 99.9% success rate if your package is worth millions.

Attach a cost to lost data

[Deep+Fried+Geekboy]

The only way to solve this is to attach a cost to personal data. As soon as you do this, companies will instead of trying to collect as much data as they can, treat it (rightly) as something they should collect as little as possible. Lost data should have a cost to it which sends shudders down the spine of Chief Financial Officers.

I expect this will take a big class action lawsuit, but if I were a company of any size which handled confidential client data, I would be scrambling for a way to reduce my liability.

*blinks*

[Scum+Puppy]

You have to be kidding me. UPS? To transfer secure information? Where I work, we receive a backup tape from a production system that we load that contains sensitive data. That tape is sent back to my group via Iron Mountain (and we send the old tape back the same way). And this isn't even stuff as high profile as like what's Citigroup apparently lost. When services exist like this to facilitate occasional, VERY important shipments, there's just no excuse using UPS or Fedex. I fear for the free market if this is "business as usual" for it.

Re:*blinks*

[ZephyrXero]

Regardless of who they used, why didn't they have some sort of encryption on the data? I'm not blaming UPS, I'm blaming Citibank...

Re:*blinks*

No, no, no. That would be to much thought.

More than likely they paid a consultant $3.5 million dollars to setup a secure backup system which would work flawlessly. Bought it. Installed it...

And then new IT director-minion-worked-at-walmart-last-week went in to "optimize" the server and kill any "useless" processes that were making it run slow, and killed the encryption process.

And then of course they backup for two years without encryption until they hire a $8 an hour "casual" to "catalog" and "clean up" the archives -- and he discovers that they aren't encrypted. Notifies his boss who really doesn't understand -- and nothing happens.

And then they have a security breach and are "caught off guard". Heads roll, new consultants are hired, and the process begins again.

Well, at least that's what seems to happen where I work.

Nice to know where their priorities lie

[Lead+Butthead]

These are the people that would pay through the nose for armoured car to truck their cash around, but would send huge amount of customer information through UPS.

You break it, you buy it.

[Doc+Ruby]

CitiGroup no doubt spends millions each year on network encryption for data transmitted across WANs. I wonder if the data on these tapes was encrypted? Since they're "backups", I doubt it. Sure, UPS screwed up the sensitive task entrusted to their expert professionals. But CitiGroup took an unacceptable, unnecessary risk by allowing the task to be so sensitive. They should all have to indemnify every exposed CitiGroup customer from identity crimes in perpetuity, including the time the customers spend managing this exposure.

Obvious

[YrWrstNtmr]

Search for 'high security' at ups.com:

Find Results With
The exact phrase high security
Search for "high security" found 0 matches.