Citigroup Gives Up The Data Goods On Millions
from the privacy?--bah dept
Mel and Carlo both submitted this story at the same time, saying that Citigroup has leapfrogged their way into the lead of the contest for the most egregious data privacy breach by losing detailed info on 3.9 million customers, including “Social Security numbers, names, account history and loan information about retail customers, and former customers.” If history is any guide, the numbers will probably go up. Also, the company seems fairly laid back about the breach, noting that they’re sorry about it, but taking a tone that suggests, you know, these things happen. They also mention that starting in July, they’ll start encrypting such data. Update: Ah yes, it’s been pointed out that I left out the best part of all of this. The data was lost by UPS (what can Brown do for your data privacy?) who was transferring the backup tapes around.
Comments on “Citigroup Gives Up The Data Goods On Millions”
Movie?
I believe I heard it in a movie once – “Don’t try to frighten us with your sorcerer’s ways…your sad devotion to that ancient religion hasn’t helped you conjur up the stolen data tapes…”
Beware UPS
My brother worked there for a while, just long enough that they didn’t have to pay him benefits of course, just like everyone else. He saw a lot of things “disappear” off the truck. Thinking of insuring your package? UPS will mark it with a sticker indicating that it is insured. The employees see the sticker and that package has less chance of making its way to the destination, especially if it is small.
Re: Beware UPS
1. If your brother was a driver – his benefits package is determined by Teamsters.
2. UPS does not sticker (or mark) insured packages.
Not Backups..
My understanding is these were tapes destined for a credit reporting agency. It also appears they were not encrypted. Now I have to verify that my business follow the new PCI vaildation system invented by Citigroup and others that requires me to preform due diligence with all my credit card data. And have a seperate company certified by Citigroup do the testing of my security. Which ironically includes that I encrypt all backup and transfered data plus 10 more pages of security requirements. http://usa.visa.com/business/accepting_visa/ops_risk_management/cisp.html?ep=v_sym_cisp
Dont do as I do, do as I say.