UPS slammed for huge Citibank data loss
#1
UPS slammed for huge Citibank data loss
UPS Loses Package With Data On 3.9 Million
Citigroup Says Tapes Missing Since May
By TOM ZELLER JR.
& THE NEW YORK TIMES NEWS SERVICE
Published on 6/7/2005
In one of the largest breaches of personal information to date, CitiFinancial, the consumer finance subsidiary of Citigroup Inc., announced Monday that a box of computer tapes containing information on 3.9 million individual customers was lost by United Parcel Service last month, while in transit to a credit reporting agency.
Executives at Citigroup said the tapes were picked up by UPS in early May and have not been seen since.
The tapes contained names, addresses, Social Security numbers, account numbers, payment histories and other details on small loans made to millions of customers through CitiFinancial's network of more than 1,800 lending branches, or through retailers whose product financing was handled by CitiFinancial's retail services division. The company said there was no indication that the tapes had been stolen or that any of the data on them had been compromised.
It is, however, the latest in a series of recent data security failures involving nearly every kind of institution that compiles personal information — ranging from data brokers like Choicepoint and LexisNexis to financial institutions like Bank of America and Wachovia Corp., to the media giant Time Warner to universities like Boston College and the University of California, Berkeley.
All of these institutions have reported data breaches in the last five months, affecting millions of individuals and spurring congressional hearings and numerous bills aimed at improving security in the handling of sensitive consumer information. The fear is that Social Security numbers, when combined with a consumer's name, address and date of birth, can be used by thieves to open new lines of credit, secure loans or otherwise steal someone's identity.
Whether the recently reported breaches indicate an epidemic of data loss, however, remains unclear. Many privacy and security advocates have suggested that a California law requiring that consumers be notified of data security breaches has led to more routine confessions of data losses and increased awareness of a long-standing problem.
“I think what we're seeing is a situation that's been going on for a long time,” said Beth Givens, the director of the Privacy Rights Clearinghouse, an advocacy group in San Diego, “and one which has only been made visible by California's law.”
Norman Black, a spokesman for UPS, would not go into specifics on where or how the security system broke down, but said the courier was continuing its investigation. Black said blame ultimately lies with his company.
“They tendered us a package and expected it to be delivered in the reliable way that we always do,” Black said, “and we had to go back to them and tell them that we can't find it.”
Black said an exhaustive search of all of the company's facilities nationwide had turned up no sign of the package. “It's rare that it gets to the point where we can find no trace of it,” he said.
Citigroup Says Tapes Missing Since May
By TOM ZELLER JR.
& THE NEW YORK TIMES NEWS SERVICE
Published on 6/7/2005
In one of the largest breaches of personal information to date, CitiFinancial, the consumer finance subsidiary of Citigroup Inc., announced Monday that a box of computer tapes containing information on 3.9 million individual customers was lost by United Parcel Service last month, while in transit to a credit reporting agency.
Executives at Citigroup said the tapes were picked up by UPS in early May and have not been seen since.
The tapes contained names, addresses, Social Security numbers, account numbers, payment histories and other details on small loans made to millions of customers through CitiFinancial's network of more than 1,800 lending branches, or through retailers whose product financing was handled by CitiFinancial's retail services division. The company said there was no indication that the tapes had been stolen or that any of the data on them had been compromised.
It is, however, the latest in a series of recent data security failures involving nearly every kind of institution that compiles personal information — ranging from data brokers like Choicepoint and LexisNexis to financial institutions like Bank of America and Wachovia Corp., to the media giant Time Warner to universities like Boston College and the University of California, Berkeley.
All of these institutions have reported data breaches in the last five months, affecting millions of individuals and spurring congressional hearings and numerous bills aimed at improving security in the handling of sensitive consumer information. The fear is that Social Security numbers, when combined with a consumer's name, address and date of birth, can be used by thieves to open new lines of credit, secure loans or otherwise steal someone's identity.
Whether the recently reported breaches indicate an epidemic of data loss, however, remains unclear. Many privacy and security advocates have suggested that a California law requiring that consumers be notified of data security breaches has led to more routine confessions of data losses and increased awareness of a long-standing problem.
“I think what we're seeing is a situation that's been going on for a long time,” said Beth Givens, the director of the Privacy Rights Clearinghouse, an advocacy group in San Diego, “and one which has only been made visible by California's law.”
Norman Black, a spokesman for UPS, would not go into specifics on where or how the security system broke down, but said the courier was continuing its investigation. Black said blame ultimately lies with his company.
“They tendered us a package and expected it to be delivered in the reliable way that we always do,” Black said, “and we had to go back to them and tell them that we can't find it.”
Black said an exhaustive search of all of the company's facilities nationwide had turned up no sign of the package. “It's rare that it gets to the point where we can find no trace of it,” he said.
Thread
Thread Starter
Forum
Replies
Last Post