3.9 Million Citigroup Customers' Data Lost 602
Rick Zeman writes "CNN.com is reporting that United Parcel Service has lost backup tapes containing the identies of 3.9 million Citigroup customers. According to UPS, '... a "small package" containing data storage tapes was lost while being transferred to a credit reporting bureau.' According to Citigroup, they 'included Social Security numbers, names, account history and loan information about retail customers, and former customers, in the United States.'"
As a UPS employee... (Score:4, Informative)
Re:You break it, you buy it. (Score:5, Informative)
Re:Inappropriate for your bank to have your info? (Score:3, Informative)
Ex-Citi Employee (Score:2, Informative)
Re:Nice to know where their priorities lie (Score:3, Informative)
complaint seriously?
All of them don't. If you get your number stolen, they just issue you a new one. Unless there's a mass compromise, they ignore the thieves, as (to them) it's not worth the time and effort to go after them, even if you give them lots of leads. After all, they aren't out the money, and neither are the banks involved (there's an issuing bank - your bank, and the merchant bank - the bank that processes the payment) - the people who get screwed are the merchants.
They Can Be Fined.. (Score:5, Informative)
They can be. GLBA, as it's known in the financial services circles, requires any financial institution to design, implement, and maintain controls to protect customer confidential data, which it appears is what was lost. Whether it's an audit trail for a system running on the network, or encryption when travelling on an unprotected network, GLBA dictates that the highest level of care be used when handling customer data. It is something that we in the banking world take very, VERY seriously.
If they so chose, the FTC, the OCC, the SEC, the CFTC, or state insurance regulators could fine Citigroup for violations of GLBA.
Re:*blinks* (Score:1, Informative)
What good would it do? (Score:3, Informative)
And what good would that do? Unless you're buying your Congresscritters 30 second spots or shuttling them around in your private jet with the very accommodating flight attendant, then you're barking at the breeze, buddy.
In this age of government by the highest bidder, the people losing your data are the highest bidders. Too bad. You can get as mad as you want but it doesn't change anything.
Re:How often does this happen now? (Score:2, Informative)
UC has a number of servers behind a specific firewall and on a private portion of the LAN that cannot be accessed from the internet. I know because I have to travel to campus daily to use several of them. Why this server wasn't in that group, I guess would have been the more appropriate question.
Re:Lecture Time (Score:5, Informative)
It never occurs to anyone that the Bank, and not me, might be the one who didn't like their end of the contract...
I I got an adverse credit report and they raised my interest. The nature of the adverse report? I had used my card.
Yes, they give you cards at a certain interest rate and if you've never seen it happen, you can use them responsibly, make your payments, etc. and still end up with a "too much unsecured credit" marker from the credit agencies because they decide (after issuing the cards, when they realize you're going to use them) that you borrowed too much (i.e., that they offered you more credit than they meant to). They don't frame it (as they should) as "oops, we didn't mean to authorize that card. They think it's my burden to keep track of that, I guess. And I thought it was just my burden to make the payments.
Have I failed to keep my credit current? Nope. I managed to keep up to date even with the near crippling interest rates. But I did my financial planning based on the smaller interest rate they had originally negotiated with me, not realizing I'd be a bad customer by merely using my cards. I just had some intermediate bloat while I waited to sell my house and needed a large amount of short-term credit to cover some upgrades on the house while it was preparing for sale. I saw my rates jump from single-digits into the 20's.
Why did they do it? Because their economic models said I was a risk and because they could. But then, with all that personalization (by which they mean a "photo on the card") it never occurred them to just call me and talk to me about what was going on in my life and to find out why my balance was high. Some personalization.
First USA (bought by BankOne, then bought by Chase) and MBNA are the absolute worst. Citibank and Sears were intermediately aggressive. They're all suddenly calling me a valued customer and offering me single digit rates again now that my house got sold and I paid some of it back down.
They spend tons of money trying to detect bad customers. They spend nothing trying to detect good customers. You're right I'm bitter.
But, just to stay on topic (which your uninformed, ad hominem attack on me was not, IMO), my real point is that the credit card companies behave in a routinely holier-than-thou way about everything they do involving money, while they soak the public for infinite money. Then on top of large profits, they ask a Republican Congress for a change to the bankruptcy bill because they allege they are being soaked by bankruptcies, even though they're seeing huge profits even before the changes. To listen to these megabanks, they are the victims and we the public are the powerful perpetrators. I just don't see it. So I see no reason not to be quite harsh with them when they screw up.
Trick of the trade (Score:2, Informative)
My guess is the Citibank shipping drones weren't flagged as to the value of the contents and shipped it out at 1# for $3.85, values at $100 (default/no extra fees).
Sure hope that $100 they get from UPS covers all of Citibanks' expenses.