Citigroup Loses Data on 3.9 Million
Citigroup disclosed this week that a box with computer tapes containing personal data on 3.9 million U.S. customers was lost by UPS. The news is the latest in a string of data losses that open the door for identity theft.
Citigroup said the tapes stored Social Security numbers, account numbers and payment histories of both active and closed accounts at the company's CitiFinancial's branch network. CitiFinancial Auto and Mortgage customers were not affected by the loss.
CitiFinancial has begun sending letters to all of its 3.9 million customers informing them of the incident and offering a free month of credit monitoring. The company has also contacted the Secret Service and other law enforcement officials, but said risk of identity theft was low.
In a statement, CitiFinancial said it "had no reason to believe that this information has been used inappropriately, nor has it received any reports of unauthorized activity."
UPS took full responsibility for the loss, which occurred despite enhanced security measures implemented after Citigroup's Japanese bank lost data on 120,000 customers when boxes fell out of a truck during transport in February 2004.
"We sincerely regret that in this case we have not been able to find this package. We did conduct an exhaustive search," UPS said in a statement. The company promised it will make sure this doesn't happen again, but Citigroup is already planning to drop physical transport altogether.
In July, Citigroup will start transporting customer records electronically using encryption, rather than rely on third parties.
Citigroup isn't the only company affected by such a loss. Last month, Time Warner lost data on 600,000 employees when tapes were misplaced during transport to a backup facility. In December, Bank of America said personal information of 1.2 million federal employees went missing while in transport by a commercial airline.
The recent disclosures of personal data being leaked have raised fears of identity theft in the electronic age, and have brought calls for Congressional oversight of the way consumer information is handled.