Forgot your password?
typodupeerror
Privacy Data Storage Databases Programming Software IT Your Rights Online

3.9 Million Citigroup Customers' Data Lost 602

Posted by timothy
from the gee-maybe-they-should-collect-less dept.
Rick Zeman writes "CNN.com is reporting that United Parcel Service has lost backup tapes containing the identies of 3.9 million Citigroup customers. According to UPS, '... a "small package" containing data storage tapes was lost while being transferred to a credit reporting bureau.' According to Citigroup, they 'included Social Security numbers, names, account history and loan information about retail customers, and former customers, in the United States.'"
This discussion has been archived. No new comments can be posted.

3.9 Million Citigroup Customers' Data Lost

Comments Filter:
  • by Kaisum (850834) on Tuesday June 07, 2005 @12:14AM (#12743508)
    "oops"
    • by game kid (805301) on Tuesday June 07, 2005 @12:16AM (#12743526) Homepage
      UPS: What can BROWN lose for you?
    • by Anonymous Coward
      quote.."Beginning in July, this data will be sent electronically in encrypted form,""

      You wouldnt believe the amount of software and infastructue is current being expended to meet this deadline. I'm working on it now, Sounds easy doesnt it? Its not.
      • Encryption is that difficult eh? How about using a simple XOR of a key on the data. Takes like 2 or 3 lines of code. Not the most complicated encryption, but atleast its SOMETHING! Theres more complicated ways of doing encrytion but having none at all is just stupidity in action.
        • by Skater (41976) on Tuesday June 07, 2005 @07:40AM (#12745206) Homepage Journal
          Then when that gets cracked there'll be 500+ messages on /. about how stupid they were for doing something so simple and how they should be protecting our data better than that.
          • by hjf (703092) on Tuesday June 07, 2005 @08:51AM (#12745668) Homepage
            And if they used proprietary encription by something like Cisco, 3Com or some IBM storage solution, and that got cracked, then /. would be filled with 500 messages about how they didn't use an open source solution.

            Oh and if they used an open source solution and that got cracked, the fault would also be theirs, and they would also get 500 messages on how they used an older (or newer!) release, or because they didn't use an obscure "x" patch which you can find in "y" page, hosted in some east european country and in a language used only in that country... etc.
            • So some people would still complain if something had gone wrong even if they'd used good encryption. These people are obviously unreasonable and the company should be forgiven.

              Hence it follows that they'd also have to be forgiven in case they'd used a simple encryption scheme. After all the same unreasonable people would complain.

              Hence they'd have to be forgiven if they'd used no encryption .... Basically, because someone would always complain they are always guiltless, no matter how careless they were

        • Encryption is difficult to get right, but fortunately it's already been done, many time. Unless you are Bruce Schneier [www.schneier.com] or Ron Rivest [mit.edu], you're not going to invent a secure encryption algorithm on your own. Therefore, it's smarter to use an off-the-shelf product which has been tested and reviewed, and has already weathered a storm of attacks.

          Secure file transfer is a solved problem. There are several options available for secure file transfer which don't require any more coding than a simple shell script

  • A week hasn't gone by this year that some major data warehouse hasn't been "broken into". When are these people going to start taking our privacy and their security a little more seriously...
    • When their customers actually start caring and making them realize how much of a mistake losing our data is? This will affect nearly nothing (because most people won't hear about it and many who do won't care), and business will go on as usual. If the customers actually took a stand, maybe we'd see some improvement.
      • I think that companies will start caring when there is an actual dollar amount attached to the loss. Be that from customers leaving to another bank or having to replace any funds that are stolen from the customer's accounts due to identity theft. But, you are right, the customers in general have no idea how serious this is. And I seriously doubt any reprecussions will take place.

        The first thought I had when I heard about this story is how much would that disk be worth if you sold it to the right people
      • So what am I supposed to do? I have student loans through Citibank, and my only choice to sever my ties with them is to pay off my loan in full, which I can't do at this time.

        Just exactly how am I supposed to 'take a stand'? Believe me I'd love to, but I feel there's nothing I can do. I'd like to get a loan through another company, however I don't know of any credit union or smaller banks that do anything like that.

    • *blinks* (Score:5, Insightful)

      by Scum Puppy (75891) on Tuesday June 07, 2005 @12:22AM (#12743580)
      You have to be kidding me. UPS? To transfer secure information? Where I work, we receive a backup tape from a production system that we load that contains sensitive data. That tape is sent back to my group via Iron Mountain (and we send the old tape back the same way). And this isn't even stuff as high profile as like what's Citigroup apparently lost. When services exist like this to facilitate occasional, VERY important shipments, there's just no excuse using UPS or Fedex. I fear for the free market if this is "business as usual" for it.
      • Re:*blinks* (Score:5, Interesting)

        by ZephyrXero (750822) <zephyrxero@yah[ ]com ['oo.' in gap]> on Tuesday June 07, 2005 @12:29AM (#12743625) Homepage Journal
        Regardless of who they used, why didn't they have some sort of encryption on the data? I'm not blaming UPS, I'm blaming Citibank...
      • Re:*blinks* (Score:2, Interesting)

        by Cocteaustin (702468)
        Um, yeah. Nearly the same thing happened with an Iron Mountain truck [internetnews.com] in April. It may be time to review your archive plan, there, chuckles.
    • A week hasn't gone by this year that some major data warehouse hasn't been "broken into". When are these people going to start taking our privacy and their security a little more seriously...

      It really isn't that bad - it's just that slashdot keeps reposting the same stories over and over again.

    • As soon as it starts costing them money not to. That is the *only* way they will change.

      -John
    • Actually all this hacking and losing of data has been happening for quite some time. We are just now hearing about it more because California passed a law requiring people to be notified of data loss.

      In this case, the lost cargo is probably in a UPS warehouse somewhere. They probably ran over the cargo with a forklift, and it's currently unidentifiable.

      See http://www.perkinscoie.com/content/ren/updates/eco mm/062703.htm [perkinscoie.com] for more info on the CA law.
    • Don't ANY of the CEO/CIO's, auditors or even PR people at these places read the news.

      Doesn't even one of them think for a moment - "Huh? I wonder what we are doing to make sure that this doesn't happen to us?"

      I'm not one for endorsing additional legislation - but perhaps if we held officers liable (SarbOx style maybe) for these breaches, then maybe someone will start to care.
      • Doesn't even one of them think for a moment - "Huh? I wonder what we are doing to make sure that this doesn't happen to us?"

        What might work is if one of the companies were to make it a selling point. If a credit company were to advertise their excellent record of protecting data, it might make people use them instead of the competition. Then the other companies would take notice as they lost customers.

    • Now that you said that, just recently, at the University Of Cincinnati someone broke into the system and stole thousands of names + social security numbers+dates of birth along with other juicy info.
      Someone asked the question whether the University is responsible and would restitute time and money spent recovering from an identity theft that resulted from this, and they basically shrugged it off and said "tough luck", we are not liable here is their FAQ on it [uc.edu].

      Actually hackers were very smart, they went

  • 3,9 million more recipients for "refinance NOW" spams...
  • Unacceptable (Score:5, Insightful)

    by Adrilla (830520) * on Tuesday June 07, 2005 @12:16AM (#12743517) Homepage
    These companies are treating this information far too trivially. Laws need to be passed that will make this type of carelessness illegal and/or compensate these customers for losing their info. I think the lack of trust from customers would be incentive enough, but obviously it isn't, so more needs to be done to prevent these fiascos. And on another note, why aren't more consumers, in this day of rampant identity theft, completely outraged by these events. What is this the fourth incident in the past few months (and I'm probably lowballing the number)? This is simply unacceptable.
    • But "Laws" are already in place here in the US. You could file a civil suit tomorrow if your credit is compromised by this data loss. Getting the government involved would only serve to further federalize our financial infrastructure (something that we don't really want nor need here in the US). Take it from someone who has just gone through a SAS 70 audit.

      BBH
      • Re:Unacceptable (Score:3, Insightful)

        by ZephyrXero (750822)
        As much as I'd hate to give yet even more power to the federal gov't, it's just about the only way to make these people do what should be both common sense and courtesy for their customers.
    • Re:Unacceptable (Score:5, Insightful)

      by ScoLgo (458010) <.scolgo. .at. .gmail.com.> on Tuesday June 07, 2005 @01:02AM (#12743836) Homepage
      Which company do you hold responsible here? Citigroup Financial? Or UPS? While UPS is guilty of losing the package in transit, perhaps CF should have used a more secure transport method. I dunno, what is more secure than UPS, Fed Ex, DHL, etc...? Armored car driving to and fro between cities?

      So what is your solution? (Hint: YMFL, (Yet More Federal Legislation), will not prevent accidental loss of freight packages).

      BTW - I write this as someone who has a mortgage with Citigroup so my data could be at risk here. However, my knee is not jerking violently, (yet).

    • Re:Unacceptable (Score:4, Insightful)

      by d474 (695126) on Tuesday June 07, 2005 @02:27AM (#12744257)
      "This is simply unacceptable."
      Not to those with a tyrannical agenda. Call me a conspiracy theorist, but I'm pretty sure corporations have been having these kinds of "incidents" so our represetatives had an excuse to pass and now move forward with the Real ID Act. [wired.com] It passed 100 FOR, 0 AGAINST, despite widespread opposition.

      So you want to pass a law that is unpopular?

      Problem.
      Reaction.
      Solution.
      It's called Diocletian's Problem. [propagandamatrix.com]
    • And on another note, why aren't more consumers, in this day of rampant identity theft, completely outraged by these events.

      And what good would that do? Unless you're buying your Congresscritters 30 second spots or shuttling them around in your private jet with the very accommodating flight attendant, then you're barking at the breeze, buddy.

      In this age of government by the highest bidder, the people losing your data are the highest bidders. Too bad. You can get as mad as you want but it doesn't chan

  • Statement (Score:3, Funny)

    by superpulpsicle (533373) on Tuesday June 07, 2005 @12:16AM (#12743527)
    Customer: Hi sir, I have my paper statement here which claims I had $1,000,234.01 in my account a month ago. Please bring my account back.

    Employee: Ummm, let me verify that with my datab... I mean.... let me get my manager.

    Customer: No problem. Take your time. Would you like some free coffee. It's on me.

  • by gooman (709147) on Tuesday June 07, 2005 @12:16AM (#12743528) Journal
    What can Brown do for You?
  • by Bamfarooni (147312) on Tuesday June 07, 2005 @12:17AM (#12743530)
    If we create legistlation that makes losing customer's personal information a criminal offense, then maybe these giant megalomerates will stop collecting (and abusing) it.
    • If we create legistlation that makes losing customer's personal information a criminal offense, then maybe these giant megalomerates will stop collecting (and abusing) it.

      Regarding your collecting comment: just how is it inappropriate for your bank to have your name, address, SSN, and additional financial info like the accounts and mortgage you have with them?
    • If we create legistlation that makes losing customer's personal information a criminal offense, then maybe these giant megalomerates will stop collecting (and abusing) it.

      I always see these kinds of comments and have to wonder: what is it about the US judicial system that makes the US legislative system seem like the cure for all social ills?

      Look at what the US legislative system has gotten us: social security numbers (ok executive branch helped here too), DMCA, laws against bankruptcy, etc. How exactly
    • "If we create legistlation that makes losing customer's personal information a criminal offense, then maybe these giant megalomerates will stop collecting (and abusing) it."

      That'll never happen, and here's why. The corporations and legislators both want the same thing: Every citizen to have biometric national ID's that also function has universal purchasing cards.

      You see, if we passed laws that made corporations have to beef up security and protocols and pay fines - Corporations would have to pay.
      But i

  • remember folks (Score:5, Insightful)

    by Anonymouse Cownerd (754174) on Tuesday June 07, 2005 @12:17AM (#12743535) Homepage
    just because you didnt hear about things like this in the past doesnt mean they didnt happen.
    • I also seem to remember UPS misplacing the Stanley Cup in one of their warehouses. This event doesn't quite shock me, knowing the past history of it's carrier.
    • The problem with this statement is that in the past most everything was kept on paper and losing 3.9 MILLION customers private information would have been a truck load, today its as easy as losing a small package of backup tapes.
  • by qda (678333) on Tuesday June 07, 2005 @12:18AM (#12743540) Homepage
    seems the brown has hit the fan
  • With that many customers, they should have their own armed shipping dude.
  • For negigence?
  • by Lithium_Golem (730956) on Tuesday June 07, 2005 @12:18AM (#12743549)
    I used to work for UPS customer service. I'd say at least .1% of all packages either get damaged or lost during shipping. Shipping packages of low value is no big deal, your losses over time will be minimal. Shipping packages of high value, however, will result in considerably larger losses over time. DO NOT SHIP YOUR HIGH VALUE GOODS VIA UPS/FEDEX/DHL/ETC. I cannot stress that enough. Hire a private courier. Hire someone in your company. Drive it yourself. Find someone with better than a 99.9% success rate if your package is worth millions.
    • My thoughts exactly. The tape should've been on one of those armored trucks -- Wells Fargo, Brinks, etc. I guess they were looking at it as a redundant backup copy (low value), instead of looking at it as they should have: a target for identity theft (extremely high value).
    • by Anonymous Coward
      You are so full of crap you damn UPS apologist.

      > .1% of all packages either get damaged or lost during shipping

      You obviously have zero experience in the shipping field despite your claim to have worked for UPS. It isn't uncommon at times to have 100 times that percentage of packages lost or damanged by us. We are a union shop so the lazy thugs we have can get away with anything. For example at the terminal where I work, a local jewelry store went out of business and shipped-out about four dozen nice
    • by d474 (695126) on Tuesday June 07, 2005 @03:22AM (#12744446)
      Everyone knows that when you have valuable data to transport, you use Johny Mnemonic. [imdb.com] I hear he can carry nearly 80 Gigs of data in his head.
  • Is it really lost? (Score:4, Insightful)

    by Sheetrock (152993) on Tuesday June 07, 2005 @12:18AM (#12743550) Homepage Journal
    I'm sure the data's still there. Maybe someone else has access to it, but that doesn't affect the original.

    I never really understood why they called it identity theft. Much like I can't understand why they call it "stealing" music. Nothing's actually gone -- it's really more of an identity infringement.

  • by Deep Fried Geekboy (807607) on Tuesday June 07, 2005 @12:19AM (#12743555)
    The only way to solve this is to attach a cost to personal data. As soon as you do this, companies will instead of trying to collect as much data as they can, treat it (rightly) as something they should collect as little as possible. Lost data should have a cost to it which sends shudders down the spine of Chief Financial Officers.

    I expect this will take a big class action lawsuit, but if I were a company of any size which handled confidential client data, I would be scrambling for a way to reduce my liability.
  • Data separation (Score:4, Interesting)

    by digidave (259925) on Tuesday June 07, 2005 @12:19AM (#12743557)
    There is no reason why this data needs to be shipped together. Citigroup should keep social security numbers serparate from names, separate from account history, separate from address, etc. All this can be assembled when needed and it would make it much harder to steal useful data or for a criminal to make use of any lost tapes.
  • Google Ads (Score:2, Funny)

    by Adrilla (830520) *
    In the Google ads in the sidebar next to this story they have a listing for "Jobs at UPS". Extremely fitting for this situation as there has to be a few employment spots opening up at 'brown' after this incident.
  • by adavies42 (746183) on Tuesday June 07, 2005 @12:21AM (#12743567)
    As this is just another in a long string of weekly "your vital data stolen" stories, I'm starting to wonder: have big companies always been this fucking careless, and it's only due to SOX et al. that we're learning about it now? I'm not even sure which I'd prefer.
    • Customer information has never really been safeguarded in the past. Not only was it considered open for telemarketing or junk mail purposes, but I seem to recall a patch there where some companies were actually using prison industries to fill these jobs.

      Consequently, I'd say the reporting has gotten better rather than that the companies have gotten worse. Ten years ago privacy wasn't even a concern for customers because few were abusing this information.


    • I guess you've never worked for a big company :D
  • by Lead Butthead (321013) on Tuesday June 07, 2005 @12:23AM (#12743582) Journal
    These are the people that would pay through the nose for armoured car to truck their cash around, but would send huge amount of customer information through UPS.
    • Not just cash, but paperwork like transaction records etc. Why were those tapes sent UPS?
    • by El Camino SS (264212) on Tuesday June 07, 2005 @01:38AM (#12744037)

      Well, that is because credit card companies don't care about you on a cosmic level. Damn right they never cared about your data. Hell, they sold it to every company on the planet already!

      Why would they? What are you going to do? "Cancel your card? YOU HAVE A BALANCE! MUAAHHAHAHHHAHA! Fraud you say? Yeah, right! I don't care if you have Cancer, get back to work you deadbeat."

      Most of America is in a you're-screwed-bonus-round with these jackasses. They give a crap about your data. These are the same generous, kind, and loving souls that sold you out to begin with. Everybody at light-my-fart.com got your name and address from them, why shouldn't they just get the freakin' credit card numbers, too?

      Credit card companies are the big banking's little thugs.

      Q: What's the difference between a credit card company and a loan shark?
      A: Loan sharks tell you up front what they're going to do if you don't pay up.

      Look, they never cared. They might feel bad, but I guess they feel bad about it in the same way that Satan would feel bad about killing children in a freeway pileup. "Whoops! *Chuckle*!"

      Nothing punitive is ever going to come of this. If you have any doubts, recognize this:
      Didn't our wonderful President just sign a bill for you to never be able to declare bankruptcy, even if you get freakin' terminally ill? I wonder who wrote that gem of a law for the people? Hmmmm. The President could give you a NO THANK YOU option on Social Security for the generations that will get nothing. That didn't happen. He wants to FORCE you to put your social security money in a special PRIVATELY OWNED BANK right now, in a way that you can never touch it. Wow. Who put that racket together?!? He's spending every waking moment touring the country supporting that agenda! Golly Gee whiz, I wonder who helped him see the light on that? I for one, trust our corporate masters. They would never screw us over. Never.

      Trust me. Nothing will ever come of this. You have been warned.
  • when will they learn?

    don't they even care for encrypting data in removable media?

    that's so lame!

  • by hsmith (818216) on Tuesday June 07, 2005 @12:23AM (#12743590)
    will be taking their business elsewhere

    i am moving from BofA after their mishap.

    Somewhere smaller, hopefully more secure.

    Hit them where it hurts!!!!
  • by ortholattice (175065) on Tuesday June 07, 2005 @12:24AM (#12743596)
    I guess not, otherwise this would be a nonissue. It is unbelievable that in this day and age a company the size of Citigroup would ship unencrypted tapes. Geez, it is trivial to do and a no-brainer. Really, whoever is in charge of IT security policy there is an idiot and should be fired immediately and any security credentials (like CISSP) stripped so he/she can't pull another fast one on some other company. This is the height of absurdity and irresponsibility.
  • by Doc Ruby (173196) on Tuesday June 07, 2005 @12:25AM (#12743601) Homepage Journal
    CitiGroup no doubt spends millions each year on network encryption for data transmitted across WANs. I wonder if the data on these tapes was encrypted? Since they're "backups", I doubt it. Sure, UPS screwed up the sensitive task entrusted to their expert professionals. But CitiGroup took an unacceptable, unnecessary risk by allowing the task to be so sensitive. They should all have to indemnify every exposed CitiGroup customer from identity crimes in perpetuity, including the time the customers spend managing this exposure.
    • by DJStealth (103231) on Tuesday June 07, 2005 @12:55AM (#12743794)
      From TFA:
      "We deeply regret this incident, which occurred in spite of the enhanced security procedures we require of our couriers," Kevin Kessinger, executive vice president of Citigroup (Research), said in a statement. "Beginning in July, this data will be sent electronically in encrypted form," said Kessinger, who heads the company's consumer finance business in North America.
      The above quote implies that currently it is not in encrypted form.
  • by bziman (223162) on Tuesday June 07, 2005 @12:27AM (#12743614) Homepage Journal
    Just today, I got a letter from an affiliate of Sears Credit (which was acquired by citi) who insured my line of credit. But I close all my accounts with them ages ago (because I try my best to avoid doing business with citi because of their predatory marketing tactics). So today, I called them up and asked them why my info was even still in their system. They acknowledged that the letter was a system glitch and that it was a duplicate of a letter they mailed me ages ago when I closed my account (which is plausible), and then explained that they are *required* by Federal Law (I think he quoted the Fair Credit and Reporting Act) to keep all of my personal info, including my SSN on record for seven years.

    There is definitely something wrong with this system! I'm all for doing without consumer credit, but it's simply not feasible.

    Perhaps we need a public-key style scheme where we generate a unique private key that we use to encrypt things like credit card applications, and then the public key is on file with the government and credit card companies and the like. That way only we have access to important private information, but the credit reporting agencies and the government can still keep track of us the way they do currently.

    This would beat the hell out of biometrics and nonsense like that (you can't bloody send someone a retina scan over the internet or through the mail!), and it would do something to improve our privacy by preventing people from faking your identity.

  • If they really wanted security, they should have not used UPS. Heck, even my employer, FedEx, is out of the running.

    Frankly, Registered Mail [everything2.com], as offered by the US Postal Snail [usps.com], would have been the way to go.

  • Jesus, in recent days I've taken it in the teeth by the failure of institutions to protect my personal data.

    UC Berkeley sent me a letter telling me they failed to protect my data. University of Chicago came next. And now Citigroup.

    I'm picking far too many winners lately... :-(
  • Obvious (Score:5, Funny)

    by YrWrstNtmr (564987) on Tuesday June 07, 2005 @12:33AM (#12743661)
    Search for 'high security' [ups.com] at ups.com:

    Find Results With
    The exact phrase high security
    Search for "high security" found 0 matches.

  • As a UPS employee... (Score:4, Informative)

    by ap0 (587424) on Tuesday June 07, 2005 @12:36AM (#12743681)
    I bet we're going to get bitched at tonight to scan all our packages! I load the semi trucks that haul grond packages across the country and don't think any foul play is involved. There are quite a few things that could have happened to it. It might have even ended up in another customer's package if it's very small. We should have been able to find it, though. It's pretty damn difficult for a package to get lost for more than a couple days in our facilities.
  • Because the tapes were encrypted wern't they... er... Wern't they?

    0.o
  • Lost? (Score:3, Insightful)

    by kiddailey (165202) on Tuesday June 07, 2005 @12:37AM (#12743692) Homepage

    Isn't this the second time (or more, most likely) that a set of shipped customer has been "lost?"

    It's quite possible that the scum of the universe that feeds on harvested identities has gotten sophisticated enough that they are now able to identify such in-transit packages and have them go missing.

    Bottom line -- companies should not be shipping this type of information via common carriers.

  • Just goes to show you that writing "Backup of customer data" in the goods declaration of the shipping form isn't a good idea ;)
  • Lecture Time (Score:5, Insightful)

    by NetSettler (460623) <kent-slashdot@nhplace.com> on Tuesday June 07, 2005 @12:42AM (#12743720) Homepage Journal
    Having myself been lectured (and inappropriately, by the way) by Citibank employees about how it's my own fault my credit card interest rates went up (it wasn't, by the way), I hope at minimum that someone sits down the entire senior staff of this company and lectures them like they were children for many hours, making them feel as embarrassed and disrespected as they routinely do to their customers.

    And then, just to make the point, they should have to pay not just whatever court-assessed penalties, but that amount plus 24.99% retroactively applied to the entire amount backdated from the time they finally pay all the way back to the time of the incident, just like they're always raising people's interest rates to unreasonable amounts like that even retroactively on purchases already made, and to ensure that they pay in a timely way.

    And it goes without saying that reparations should be paid personally by the people who run the company, not passed along to customers.
  • What's the fastest way to transmit stolen data? Modem, T1, T3 - or a UPS truck full of tapes?
  • After learning about a string of these 'mishaps' here lately, I wonder who *really* has the lost data now and what are they going to do with it.

    Mere fraud is too obvious and passe.

    Could be the start of something more sinister....

    Be on your guard, people.
  • by RPI Geek (640282) on Tuesday June 07, 2005 @12:53AM (#12743782) Journal
    As yuo no, we are comited to protectng your prievecy adn as such we need u 2 veerify yuor account by going 2 this site CITIGROUP.COM [slashdot.org] adn entreing lots of peersonil info.
    Tahnk you 4 ur help in tihs imprtnt matter
    Signed, CITIGROUP
  • by rogueuk (245470) on Tuesday June 07, 2005 @01:16AM (#12743910) Homepage
    so why even bother trying to protect your identity if some company is going to go and give it away..so far this year info that could be used to take my identity has been:
    • stolen from saic
    • illegaly sold by bank of america
    • lost by citibank
    awesome! thanks a lot guys
  • Citigroup in Mexico (Score:3, Interesting)

    by Spy der Mann (805235) <spydermann,slashdot&gmail,com> on Tuesday June 07, 2005 @02:06AM (#12744164) Homepage Journal
    Here in mexico there are suspicions of dirty operations by Citigroup. i.e. millionary tax fraud when buying mexican bank "banamex". Mexican News Reporter Lily Tellez has received death threats because she spoke about it.

    And you thought losing some customers' information was serious. Ha hah.
  • Biometrics (Score:3, Interesting)

    by gregor-e (136142) on Tuesday June 07, 2005 @07:35AM (#12745193) Homepage
    This sort of thing is just gasoline on the fire for using biometrics for identification. Once all transactions are backed by solid proof of id, your SSN and credit card numbers can be openly published right next to your address and phone number.
  • by Anonymous Coward on Tuesday June 07, 2005 @07:38AM (#12745202)
    But I gotta tell you, making sure the box was taped shut before tossing it at a random UPS worker itself was an unusual act of caution, for C-bank. I worked at the ops center for five years, and the statements you fill out are simply dumped into a shredder truck - papers fly everywhere and blow in the wind. Checks, sometimes boxes of them, get lost. A few of my fellow employees were caught stealing and "excused". A few more were never caught.

    What, you think there's something special about C-bank? No, they're the rule, not the exception. Every financial institutions cares just about the same amount about your data, and your life - in fact, the only money they really watch out for is the huge sums the company gets to keep for itself - THAT money (and the company's data) gets MUCH more carefully guarded!

    My rule these days is, giving away information that you don't have to is like giving whiskey and car keys to a teenager. So apply for the credit card, but just write "disconnected" in the phone number box. Use several free email addresses and make sure they're evenly distributed as contact drops. Make a "mistake" in estimating your exact gross annual income, when reporting it to anybody but the IRS.

    The point is not to be subversive, but just to be realistic. The information age has spawned a paper-happy beuracracy driven by bean-counters who want you life history at every other step. Check it yourself - 90% of the data that you go though life writing in little boxes is simply dropped into a filing cabinet unread, unneeded, and ignored. I've gotten driver's licences with no address (just a PO box!), paycheck stubs with no SS number on them (you can ask to get it removed), and once got Household Credit to approve "Barney the Purple Dinosaur" for a credit line of $250. (To the best of my knowledge, the address I did this at *still* gets offers for him...)

    Most of the people who key the data from your form to the computer do not even speak English! In fact, the most likely method for your data to be read is for the processing center to OCR-scan (or flat picture scan) it into a computer, where the images can then be beamed to the lowest-bidding Malaysian crack monkey (anywhere in the world) who "reads" the picture of your data and keys it in. And they're feeling the pressure from machine-AI reading programs, which are able to translate more and more of your hand-writing with a higher percent-chance of confidence every day.

    Bottom line, if you throw a "Jr" onto your name half the time and half not, or only use your middle initial as the fancy strikes you, you're lying to no-one but an SQL database app, and you're only doing what little is in your power to confuse would-be identity thieves; necessary in a world that will always refuse to protect you!

"All my life I wanted to be someone; I guess I should have been more specific." -- Jane Wagner

Working...