
3.9 Million Citigroup Customers' Data Lost

timothy posted more than 9 years ago | from the gee-maybe-they-should-collect-less dept.

Privacy 602

Rick Zeman writes "CNN.com is reporting that United Parcel Service has lost backup tapes containing the identities of 3.9 million Citigroup customers. According to UPS, '... a "small package" containing data storage tapes was lost while being transferred to a credit reporting bureau.' According to Citigroup, they 'included Social Security numbers, names, account history and loan information about retail customers, and former customers, in the United States.'"


602 comments


And what did the UPS guy say? (5, Funny)

Kaisum (850834) | more than 9 years ago | (#12743508)

"oops"

They changed their slogan: (5, Funny)

game kid (805301) | more than 9 years ago | (#12743526)

UPS: What can BROWN lose for you?

The important thing is... (0)

Anonymous Coward | more than 9 years ago | (#12743509)

...were they insured?

How often does this happen now? (5, Interesting)

ZephyrXero (750822) | more than 9 years ago | (#12743510)

A week hasn't gone by this year that some major data warehouse hasn't been "broken into". When are these people going to start taking our privacy and their security a little more seriously...

Re:How often does this happen now? (2, Insightful)

DrEldarion (114072) | more than 9 years ago | (#12743545)

When their customers actually start caring and making them realize how much of a mistake losing our data is? This will affect nearly nothing (because most people won't hear about it and many who do won't care), and business will go on as usual. If the customers actually took a stand, maybe we'd see some improvement.

*blinks* (5, Insightful)

Scum Puppy (75891) | more than 9 years ago | (#12743580)

You have to be kidding me. UPS? To transfer secure information? Where I work, we receive a backup tape from a production system that we load that contains sensitive data. That tape is sent back to my group via Iron Mountain (and we send the old tape back the same way). And this isn't even stuff as high profile as what Citigroup apparently lost. When services exist like this to facilitate occasional, VERY important shipments, there's just no excuse for using UPS or Fedex. I fear for the free market if this is "business as usual" for it.

Re:*blinks* (5, Interesting)

ZephyrXero (750822) | more than 9 years ago | (#12743625)

Regardless of who they used, why didn't they have some sort of encryption on the data? I'm not blaming UPS, I'm blaming Citibank...

Re:*blinks* (2, Interesting)

Cocteaustin (702468) | more than 9 years ago | (#12743638)

Um, yeah. Nearly the same thing happened with an Iron Mountain truck [internetnews.com] in April. It may be time to review your archive plan, there, chuckles.

Re:How often does this happen now? (1, Funny)

Fulcrum of Evil (560260) | more than 9 years ago | (#12743581)

A week hasn't gone by this year that some major data warehouse hasn't been "broken into". When are these people going to start taking our privacy and their security a little more seriously...

It really isn't that bad - it's just that slashdot keeps reposting the same stories over and over again.

Re:How often does this happen now? (2, Insightful)

OverCode@work (196386) | more than 9 years ago | (#12743607)

As soon as it starts costing them money not to. That is the *only* way they will change.

-John

Re:How often does this happen now? (3, Interesting)

wft_rtfa (882194) | more than 9 years ago | (#12743627)

Actually all this hacking and losing of data has been happening for quite some time. We are just now hearing about it more because California passed a law requiring people to be notified of data loss.

In this case, the lost cargo is probably in a UPS warehouse somewhere. They probably ran over the cargo with a forklift, and it's currently unidentifiable.

See http://www.perkinscoie.com/content/ren/updates/ecomm/062703.htm [perkinscoie.com] for more info on the CA law.

Re:How often does this happen now? (1)

jsheedy (772604) | more than 9 years ago | (#12743632)

You sometimes wonder if this is not on purpose, some type of plan so that you will purchase their credit protection plan. Of course they would open themselves up for an endless number of lawsuits, but nonetheless it sucks.

In other news, (3, Funny)

Ray Alloc (835739) | more than 9 years ago | (#12743513)

3,9 million more recipients for "refinance NOW" spams...

Whooooppss.... (0)

Anonymous Coward | more than 9 years ago | (#12743514)

We're in trouble now...

Should have had that special combustible backup tape. It's still experimental, and it's slightly difficult to keep it from exploding inside the tape backup system, but it's very helpful in keeping important, critical data from other people.

Re:Whooooppss.... (1)

lee13se (778395) | more than 9 years ago | (#12743559)

"Should have had that special combustible backup tape."

Or just encrypted the data before sending people's data in the mail. I have always heard to not send cash in the mail for this reason.

Encrypted Backup (0)

Anonymous Coward | more than 9 years ago | (#12743515)

I hope they were encrypting their backups. It's only common sense to do that, right?

Re:Encrypted Backup (1)

eyegone (644831) | more than 9 years ago | (#12743562)


I hope they were encrypting their backups. It's only common sense to do that, right?

Actually this could be a very bad idea. Imagine trying to retrieve badly needed data from a 5-year old encrypted tape.

In this case it was data being sent to a credit bureau, rather than a backup, so it most certainly should have been encrypted.

Re:Encrypted Backup (1)

dotgain (630123) | more than 9 years ago | (#12743600)

I hope they were encrypting their backups. It's only common sense to do that, right?

Goodbye hardware compression...
True, you could compress them before encryption, but that's more host cpu load. If anyone gets hold of my backup tapes then, well - if they have the same success getting anything back off them as I do, then I'm not worried at all.

Re:Encrypted Backup (1)

mrchaotica (681592) | more than 9 years ago | (#12743713)

Obviously, the solution if you want the compression in the hardware is to put the encryption in the hardware too.

Otherwise, can't you just compress the encrypted data? It wouldn't be as efficient, but it should compress some, right (especially if you carefully chose the encryption algorithm)?
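
The ordering question raised in the two comments above (compress before encrypting, or compress the encrypted data), measured in an added example that is not part of the thread. It assumes constructed fake records, zlib in place of tape-drive hardware compression, and a SHA-256 counter-mode keystream as an illustration-only stand-in for a real cipher such as AES-CTR.

```python
import hashlib
import zlib


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """XOR data with a SHA-256 counter-mode keystream.

    Illustration-only stand-in for a real cipher (an assumption of this
    example, not production crypto). What matters for the measurement is
    that the output looks like uniformly random bytes. Applying the
    function twice with the same key restores the input.
    """
    out = bytearray()
    for block_no in range((len(data) + 31) // 32):
        pad = hashlib.sha256(key + block_no.to_bytes(8, "big")).digest()
        chunk = data[block_no * 32:(block_no + 1) * 32]
        out.extend(b ^ p for b, p in zip(chunk, pad))
    return bytes(out)


def make_sample_records(n: int) -> bytes:
    """Build n constructed, fake delimited records (no real customer data)."""
    rows = []
    for i in range(n):
        rows.append(
            f"{i:09d}|CUSTOMER NAME {i % 97:04d}|"
            f"ACCT {i * 7919 % 10**10:010d}|LOAN {i % 13:02d}|OPEN\n"
        )
    return "".join(rows).encode("ascii")


def compare_orderings(plaintext: bytes, key: bytes) -> dict:
    """Return the byte counts produced by each ordering."""
    # Ordering 1: compress the redundant plaintext, then encrypt the result.
    compress_then_encrypt = keystream_xor(key, zlib.compress(plaintext, 9))
    # Ordering 2: encrypt first, then ask the compressor to shrink ciphertext.
    encrypt_then_compress = zlib.compress(keystream_xor(key, plaintext), 9)

    # Both orderings must still round-trip back to the original records.
    if zlib.decompress(keystream_xor(key, compress_then_encrypt)) != plaintext:
        raise ValueError("compress-then-encrypt did not round-trip")
    if keystream_xor(key, zlib.decompress(encrypt_then_compress)) != plaintext:
        raise ValueError("encrypt-then-compress did not round-trip")

    return {
        "plaintext": len(plaintext),
        "compress_then_encrypt": len(compress_then_encrypt),
        "encrypt_then_compress": len(encrypt_then_compress),
    }


if __name__ == "__main__":
    sizes = compare_orderings(make_sample_records(5000), b"constructed-demo-key")
    for name, size in sizes.items():
        print(f"{name:>22}: {size:>8} bytes")
```

Ciphertext has no redundancy left for a compressor to find, so the second ordering comes out no smaller than the plaintext, which is the same effect a drive's hardware compression sees when it is fed host-encrypted data.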

Unacceptable (5, Insightful)

Adrilla (830520) | more than 9 years ago | (#12743517)

These companies are treating this information far too trivially. Laws need to be passed that will make this type of carelessness illegal and/or compensate these customers for losing their info. I think the lack of trust from customers would be incentive enough, but obviously it isn't, so more needs to be done to prevent these fiascos. And on another note, why aren't more consumers, in this day of rampant identity theft, completely outraged by these events? What is this, the fourth incident in the past few months (and I'm probably lowballing the number)? This is simply unacceptable.

Re:Unacceptable (1, Insightful)

Anonymous Coward | more than 9 years ago | (#12743573)

Laws need to be passed that will make this type of carelessness illegal

How can you make an accident illegal ?

Sure it sucks, but the real problem is the relentless greed that large companies are founded on and their tremendous arrogance and reliance on vast databases of personal info to sell products and the near-compliant and unquestioning attitude joe public has to handing his personal info over to anyone for any service.

The only way these sort of problems will be eliminated is if we end that scenario. Keeping vast databases of personal info will only lead to trouble, there is no other outcome.

Re:Unacceptable (1)

ZephyrXero (750822) | more than 9 years ago | (#12743603)

But without all that data how will the mind police keep us in check one day?

Re:Unacceptable (4, Insightful)

britneys 9th husband (741556) | more than 9 years ago | (#12743652)

How can you make an accident illegal ?

You can't, but you can make the things that tend to lead to accidents illegal. You'll notice there's no law against getting into a car crash, but there are lots of laws about driving too fast, running red lights, driving drunk, unsafe lane changes, etc. etc. etc.

Same idea here. If I can be fined for driving 100mph because it might cause an accident, Citibank should be able to be fined for sending unencrypted data via UPS because it might cause an accident.

Re:Unacceptable (1)

Adrilla (830520) | more than 9 years ago | (#12743672)

This incident may have been an accident and I understand that, but this is highly sensitive data and precautions should've been taken that placed more value on this shipment. There have been too many occurrences of loss of customer information. Sooner or later they're gonna have to make an example of someone. As far as databases of personal info are concerned, they're not going anywhere, so something has to go into place that places more protection upon them and punishment for letting that info get out without permission, because this shit is getting out of hand.

Re:Unacceptable (1)

zanderredux (564003) | more than 9 years ago | (#12743605)

On the other hand, financial institutions are already excessively burdened with bureaucratic monstrosities like Sarbanes-Oxley (which created yet another revenue stream for auditors).

The lawmaker's ability to entirely miss the point never ceases to impress me!

Re:Unacceptable (1)

BigBuckHunter (722855) | more than 9 years ago | (#12743637)

But "Laws" are already in place here in the US. You could file a civil suit tomorrow if your credit is compromised by this data loss. Getting the government involved would only serve to further federalize our financial infrastructure (something that we don't really want nor need here in the US). Take it from someone who has just gone through a SAS 70 audit.

BBH

Re:Unacceptable (2, Insightful)

ZephyrXero (750822) | more than 9 years ago | (#12743709)

As much as I'd hate to give yet even more power to the federal gov't, it's just about the only way to make these people do what should be both common sense and courtesy for their customers.

You'd think.. (0)

Anonymous Coward | more than 9 years ago | (#12743518)

that they'd use some (original) PGP derivative encryption and maybe even a biometric scanner 'key' to the data. If they did they sure as hell would do good to mention it before people get all their panties in a wad..

Statement (2, Funny)

superpulpsicle (533373) | more than 9 years ago | (#12743527)

Customer: Hi sir, I have my paper statement here which claims I had $1,000,234.01 in my account a month ago. Please bring my account back.

Employee: Ummm, let me verify that with my datab... I mean.... let me get my manager.

Customer: No problem. Take your time. Would you like some free coffee? It's on me.

Gives new meaning to their slogan (5, Funny)

gooman (709147) | more than 9 years ago | (#12743528)

What can Brown do for You?

Re:Gives new meaning to their slogan (0)

Anonymous Coward | more than 9 years ago | (#12743570)

Would "Brown" refer to the shit in their pants when the higher ups heard this happened?

Re:Gives new meaning to their slogan (1)

SpartanVII (838669) | more than 9 years ago | (#12743577)

I think you mean...

What can Brown do you for?

;-)

Support legislation for criminalization of this (4, Insightful)

Bamfarooni (147312) | more than 9 years ago | (#12743530)

If we create legislation that makes losing customer's personal information a criminal offense, then maybe these giant megalomerates will stop collecting (and abusing) it.

Re:Support legislation for criminalization of this (1)

damsa (840364) | more than 9 years ago | (#12743624)

So you want to stop financial institutions from collecting financial information from people? Makes sense. I propose a new way of getting approved for home loans. Magic 8 ball loan. Instead of complicated formulas, underwriters, and stolen identity we can use a Magic 8 ball. You shake, ask can I get a 100k loan to buy a house. Answer. Outlook not good.

Re:Support legislation for criminalization of this (1, Insightful)

Anonymous Coward | more than 9 years ago | (#12743633)

Please consider the purchase of the DMCA, which was bought out of petty cash.

What do you think the megalomerates will say to your congresscritter?

"Would you sleep with us for ten million dollars?"

"Of course."

"Then how about a ten thousand dollar 'campaign contribution.' "

"Please, what sort of person do you think I am?"

"We've already established that. Now we're haggling."

Inappropriate for your bank to have your info? (1)

AHumbleOpinion (546848) | more than 9 years ago | (#12743645)

If we create legislation that makes losing customer's personal information a criminal offense, then maybe these giant megalomerates will stop collecting (and abusing) it.

Regarding your collecting comment: just how is it inappropriate for your bank to have your name, address, SSN, and additional financial info like the accounts and mortgage you have with them?

Re:Inappropriate for your bank to have your info? (0)

Anonymous Coward | more than 9 years ago | (#12743715)

Contrary to all popular belief, a bank doesn't -need- any information about -you- (certainly not SSN!) In fact, why can't customers have anonymous accounts?

Re:Support legislation for criminalization of this (0)

Anonymous Coward | more than 9 years ago | (#12743701)

The last time I checked, a "crime" requires both that the act be illegal and that there is intent to perform that act. You can make losing data illegal all you like, but it won't be a criminal act unless the company *intends* to lose it. Without intent, all you have is negligence (unintentional tort).

/IANAL
//Can't be bothered to remember login.
///FARK refugee

Re:Support legislation for criminalization of this (1)

Sheepdot (211478) | more than 9 years ago | (#12743717)

If we create legislation that makes losing customer's personal information a criminal offense, then maybe these giant megalomerates will stop collecting (and abusing) it.

I always see these kinds of comments and have to wonder: what is it about the US judicial system that makes the US legislative system seem like the cure for all social ills?

Look at what the US legislative system has gotten us: social security numbers (ok executive branch helped here too), DMCA, laws against bankruptcy, etc. How exactly is pressuring legislators going to do anything but make them push harder for things like a national ID card? What makes you think that credit card companies and banks aren't going to then add a box for that?

Hmmm... (0)

Anonymous Coward | more than 9 years ago | (#12743534)

Very humbling to know.

remember folks (5, Insightful)

Anonymouse Cownerd (754174) | more than 9 years ago | (#12743535)

just because you didn't hear about things like this in the past doesn't mean they didn't happen.

Re:remember folks (1)

The Analog Kid (565327) | more than 9 years ago | (#12743558)

I also seem to remember UPS misplacing the Stanley Cup in one of their warehouses. This event doesn't quite shock me, knowing the past history of its carrier.

Re:remember folks (1)

mesach (191869) | more than 9 years ago | (#12743566)

The problem with this statement is that in the past most everything was kept on paper and losing 3.9 MILLION customers' private information would have been a truck load, today it's as easy as losing a small package of backup tapes.

is it hot in here? (5, Funny)

qda (678333) | more than 9 years ago | (#12743540)

seems the brown has hit the fan

Mod parent funny :) (1)

ZephyrXero (750822) | more than 9 years ago | (#12743663)

Congratulations on making the first "brown" related comment that's actually funny :)

3.9 million? (1)

SQLz (564901) | more than 9 years ago | (#12743546)

With that many customers, they should have their own armed shipping dude.

Can't these companies be sued? (1)

nebaz (453974) | more than 9 years ago | (#12743547)

For negligence?

Re:Can't these companies be sued? (1)

BigBuckHunter (722855) | more than 9 years ago | (#12743664)

Only if you can correlate the data loss to an incident of identity theft, or other general misuse.

BBH

Sensitive Data via UPS? (5, Insightful)

Lithium_Golem (730956) | more than 9 years ago | (#12743549)

I used to work for UPS customer service. I'd say at least .1% of all packages either get damaged or lost during shipping. Shipping packages of low value is no big deal, your losses over time will be minimal. Shipping packages of high value, however, will result in considerably larger losses over time. DO NOT SHIP YOUR HIGH VALUE GOODS VIA UPS/FEDEX/DHL/ETC. I cannot stress that enough. Hire a private courier. Hire someone in your company. Drive it yourself. Find someone with better than a 99.9% success rate if your package is worth millions.

Please mod up parent! (1)

ObiWonKanblomi (320618) | more than 9 years ago | (#12743674)

I agree with the parent 110%. Would a store pay the Postal Service to transport money to a bank? No! They use armored transport.

Re:Sensitive Data via UPS? (1)

The Wicked Priest (632846) | more than 9 years ago | (#12743675)

My thoughts exactly. The tape should've been on one of those armored trucks -- Wells Fargo, Brinks, etc. I guess they were looking at it as a redundant backup copy (low value), instead of looking at it as they should have: a target for identity theft (extremely high value).

Re:Sensitive Data via UPS? (3, Interesting)

Anonymous Coward | more than 9 years ago | (#12743705)

You are so full of crap you damn UPS apologist.

> .1% of all packages either get damaged or lost during shipping

You obviously have zero experience in the shipping field despite your claim to have worked for UPS. It isn't uncommon at times to have 100 times that percentage of packages lost or damaged by us. We are a union shop so the lazy thugs we have can get away with anything. For example at the terminal where I work, a local jewelry store went out of business and shipped-out about four dozen nice watches to a broker. Now almost every employee at this terminal has a nice brand-new watch. Another example, Kel-Tec CNC released a new pistol a couple of years ago. One of the drivers here picked-up the first few batches of pistols from them. Not a one of them made it to the FFL's who ordered them. The BATF couldn't even get UPS to take action against the union.

In both cases UPS couldn't fire a single person. Our union allows us to damage or steal as much as we want to. Your 0.1% number is complete crap. If you're shipping something worthless, broken, or bulky that's not worth the time for a union member to steal, you might only have that small of a loss. Otherwise, my coworkers can and will steal. And good luck collecting from UPS. We pay-out on less than 2% of the packages that are damaged and on less than 5% of the packages lost.

Skinner

Re:Sensitive Data via UPS? (1)

Lithium_Golem (730956) | more than 9 years ago | (#12743747)

Get it straight, I said "at least .1%" There are outlets with near perfect service ratings and there are outlets with very poor service ratings. The center I worked for had a 99ish% delivery rating during the Xmas season and higher in the Summer.

Is it really lost? (3, Insightful)

Sheetrock (152993) | more than 9 years ago | (#12743550)

I'm sure the data's still there. Maybe someone else has access to it, but that doesn't affect the original.

I never really understood why they called it identity theft. Much like I can't understand why they call it "stealing" music. Nothing's actually gone -- it's really more of an identity infringement.

Re:Is it really lost? (1)

dotgain (630123) | more than 9 years ago | (#12743662)

You've at least got to give the headline a perfect ten for sensationalism.

Damnit (0)

Anonymous Coward | more than 9 years ago | (#12743551)

Why didn't they just transfer the information over the Internet?

Re:Damnit (1)

the MaD HuNGaRIaN (311517) | more than 9 years ago | (#12743591)

Mod parent up....

The funny thing is that in TFA, it said "starting July, data will be transmitted in an encrypted form, electronically."

I have a sinking feeling that the data on the tapes wasn't encrypted, even though it would have been trivial to do so.

What are these guys thinking?

Re:Damnit (1)

kiddailey (165202) | more than 9 years ago | (#12743619)


What's funny (or sad, depending on your POV) -- that might have actually been safer!

Make the banks responsible (1)

sourcery (87455) | more than 9 years ago | (#12743553)

The fact that knowledge of a person's identifying credentials is sufficient to commit fraud is solely the responsibility of those who are architects of the credit system. Until the law makes them fully responsible for all damages to consumers caused by the flaws in the credit system, this problem will just continue to get worse.

Attach a cost to lost data (5, Insightful)

Deep Fried Geekboy (807607) | more than 9 years ago | (#12743555)

The only way to solve this is to attach a cost to personal data. As soon as you do this, companies will instead of trying to collect as much data as they can, treat it (rightly) as something they should collect as little as possible. Lost data should have a cost to it which sends shudders down the spine of Chief Financial Officers.

I expect this will take a big class action lawsuit, but if I were a company of any size which handled confidential client data, I would be scrambling for a way to reduce my liability.

Data separation (3, Interesting)

digidave (259925) | more than 9 years ago | (#12743557)

There is no reason why this data needs to be shipped together. Citigroup should keep social security numbers separate from names, separate from account history, separate from address, etc. All this can be assembled when needed and it would make it much harder to steal useful data or for a criminal to make use of any lost tapes.

Re:Data separation (0)

Anonymous Coward | more than 9 years ago | (#12743722)

Yeah, but then some shady operation gets one half of the NOC list, and then you try and sell them the other half in order to recover the first half, but the bank thinks you're working against them (when you're really working for them), and they send other operatives after you, and your life's in danger, and you meet up with the guy, your ex-comrade, who sold the shady operation the first half of the NOC list, but you have to pretend not to know and sleep with his hot wife.

And Emilio Estevez will die in the first ten minutes of the caper. The first ten minutes! Do you really want that on your conscience? Is this the future you envision?

Google Ads (2, Funny)

Adrilla (830520) | more than 9 years ago | (#12743565)

In the Google ads in the sidebar next to this story they have a listing for "Jobs at UPS". Extremely fitting for this situation as there has to be a few employment spots opening up at 'brown' after this incident.

Has It Always Been this Bad? (3, Insightful)

adavies42 (746183) | more than 9 years ago | (#12743567)

As this is just another in a long string of weekly "your vital data stolen" stories, I'm starting to wonder: have big companies always been this fucking careless, and it's only due to SOX et al. that we're learning about it now? I'm not even sure which I'd prefer.

Re:Has It Always Been this Bad? (1)

Sheetrock (152993) | more than 9 years ago | (#12743630)

Customer information has never really been safeguarded in the past. Not only was it considered open for telemarketing or junk mail purposes, but I seem to recall a patch there where some companies were actually using prison industries to fill these jobs.

Consequently, I'd say the reporting has gotten better rather than that the companies have gotten worse. Ten years ago privacy wasn't even a concern for customers because few were abusing this information.

Re:Has It Always Been this Bad? (1)

kiddailey (165202) | more than 9 years ago | (#12743644)


I guess you've never worked for a big company :D

Re:Has It Always Been this Bad? (1)

adavies42 (746183) | more than 9 years ago | (#12743682)

Not one that handled personal data, no--or at least never near the branches that did. My internships at a pharmaceutical company and with a civilian DoD agency were strictly tech work.

UPS sucks (0)

Anonymous Coward | more than 9 years ago | (#12743571)

Anyone who has done some shipping knows that. Maybe if they would start by properly paying and treating their employees things might improve. Motivated employees is the key imo.

Nice to know where their priorities lie (5, Insightful)

Lead Butthead (321013) | more than 9 years ago | (#12743582)

These are the people that would pay through the nose for armoured car to truck their cash around, but would send huge amount of customer information through UPS.

Using UPS to transfer data?! (0)

Anonymous Coward | more than 9 years ago | (#12743583)

What about electronic means that were available since XX century, secure channels and stuff?

Encryption! Encryption! ENCRYPTION! (2, Interesting)

zanderredux (564003) | more than 9 years ago | (#12743586)

when will they learn?

don't they even care for encrypting data in removable media?

that's so lame!

i hope everyone that is a citibank customer (2, Insightful)

hsmith (818216) | more than 9 years ago | (#12743590)

will be taking their business elsewhere

i am moving from BofA after their mishap.

Somewhere smaller, hopefully more secure.

Hit them where it hurts!!!!

We need laws to nail this sort of behavior (1)

typical (886006) | more than 9 years ago | (#12743594)

We need laws of the sort that would allow us to punish Citigroup for this kind of data loss. It should be bloody painful for any company that ships masses of (plaintext) financial data out of their building. It is *not* hard to require them to encrypt the goddamn data, nor is it expensive (especially given what financial companies consider expensive). There is no good reason not to make extremely painful penalties for not doing so.

Citibank does it again! (1)

polakk (562391) | more than 9 years ago | (#12743595)

Wow, looks like they have a track record with these things.. Here [google cache] [64.233.167.104] . I know that they take big security precautions for their data while it's on the servers, why can they not afford the same in these situations? Maybe it's time to stop looking at outsourcing your transportation of customer records to private companies and work out something that will ensure the privacy of your customers' data.

It happens a little bit too often... (1)

Ray Alloc (835739) | more than 9 years ago | (#12743621)

I'm wondering if such "incidents" might not be fabrications to hide more disturbing problems, or to dissimulate clandestine sale of customer data, for example...

Were the tapes encrypted? (2, Insightful)

ortholattice (175065) | more than 9 years ago | (#12743596)

I guess not, otherwise this would be a nonissue. It is unbelievable that in this day and age a company the size of Citigroup would ship unencrypted tapes. Geez, it is trivial to do and a no-brainer. Really, whoever is in charge of IT security policy there is an idiot and should be fired immediately and any security credentials (like CISSP) stripped so he/she can't pull another fast one on some other company. This is the height of absurdity and irresponsibility.

You break it, you buy it. (5, Insightful)

Doc Ruby (173196) | more than 9 years ago | (#12743601)

CitiGroup no doubt spends millions each year on network encryption for data transmitted across WANs. I wonder if the data on these tapes was encrypted? Since they're "backups", I doubt it. Sure, UPS screwed up the sensitive task entrusted to their expert professionals. But CitiGroup took an unacceptable, unnecessary risk by allowing the task to be so sensitive. They should all have to indemnify every exposed CitiGroup customer from identity crimes in perpetuity, including the time the customers spend managing this exposure.

Encryption please (1)

jisom (113338) | more than 9 years ago | (#12743613)

Things like this should be encrypted. It's not hard and adds 2 steps.

citibastards and a possible solution (2, Insightful)

bziman (223162) | more than 9 years ago | (#12743614)

Just today, I got a letter from an affiliate of Sears Credit (which was acquired by citi) who insured my line of credit. But I closed all my accounts with them ages ago (because I try my best to avoid doing business with citi because of their predatory marketing tactics). So today, I called them up and asked them why my info was even still in their system. They acknowledged that the letter was a system glitch and that it was a duplicate of a letter they mailed me ages ago when I closed my account (which is plausible), and then explained that they are *required* by Federal Law (I think he quoted the Fair Credit and Reporting Act) to keep all of my personal info, including my SSN on record for seven years.

There is definitely something wrong with this system! I'm all for doing without consumer credit, but it's simply not feasible.

Perhaps we need a public-key style scheme where we generate a unique private key that we use to encrypt things like credit card applications, and then the public key is on file with the government and credit card companies and the like. That way only we have access to important private information, but the credit reporting agencies and the government can still keep track of us the way they do currently.

This would beat the hell out of biometrics and nonsense like that (you can't bloody send someone a retina scan over the internet or through the mail!), and it would do something to improve our privacy by preventing people from faking your identity.

Uhhhhh (1)

Lucky_Pierre (175635) | more than 9 years ago | (#12743616)

I didn't do it!

Other protocols should have been used (1)

dacarr (562277) | more than 9 years ago | (#12743642)

If they really wanted security, they should have not used UPS. Heck, even my employer, FedEx, is out of the running.

Frankly, Registered Mail [everything2.com] , as offered by the US Postal Snail [usps.com] , would have been the way to go.

Encryption? (1)

spudchucker (680073) | more than 9 years ago | (#12743647)

It is the ethical responsibility for the maintainers of this data to keep it secure. When trusting a 3rd party to transfer sensitive data, Citigroup should have encrypted the data on the media. Sure is odd how this happened, UPS has never lost anything of mine.

Three times unlucky. (1)

aussersterne (212916) | more than 9 years ago | (#12743655)

Jesus, in recent days I've taken it in the teeth by the failure of institutions to protect my personal data.

UC Berkeley sent me a letter telling me they failed to protect my data. University of Chicago came next. And now Citigroup.

I'm picking far too many winners lately... :-(

This is why . . . (1)

samnice (879259) | more than 9 years ago | (#12743659)

This is why I keep all my money in a wad stuffed in a shoebox under the bed. That way I always know where to find it - right next to the porn.

Obvious (5, Funny)

YrWrstNtmr (564987) | more than 9 years ago | (#12743661)

Search for 'high security' [ups.com] at ups.com:

Find Results With
The exact phrase high security
Search for "high security" found 0 matches.

Guess Citibank gets fined 2500 dollars then. (0)

Anonymous Coward | more than 9 years ago | (#12743665)

According to the 'information disposal' law which came out yesterday.

http://it.slashdot.org/article.pl?sid=05/06/05/0315207&tid=172&tid=158&tid=219 [slashdot.org]

I really doubt they'd be fined per person.. that'd be a 10 billion dollar fine.

All I can think of is.. (1)

Derwood5555 (828126) | more than 9 years ago | (#12743668)

[cue Ace Ventura]
GRUFF MAN
It sounds broken.

HDS MAN
Most likely sir! I bet it was something nice though! Now... I have an insurance form. If you'll just sign here, here, and here, and initial here, and print your name here, we'll get the rest of the forms out to you as soon as we can.

Ya know, (1)

Tablizer (95088) | more than 9 years ago | (#12743671)

the instant the tape was lost, my plane luggage from 1996 showed up!

Don't worry... (0)

Anonymous Coward | more than 9 years ago | (#12743676)

They're not really lost. I'm making a "backup" of them right now, then Citigroup can have them back. ;)

ep? (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#12743679)

own 7ube, beverage, on an endeavour

As a UPS employee... (4, Informative)

ap0 (587424) | more than 9 years ago | (#12743681)

I bet we're going to get bitched at tonight to scan all our packages! I load the semi trucks that haul ground packages across the country and don't think any foul play is involved. There are quite a few things that could have happened to it. It might have even ended up in another customer's package if it's very small. We should have been able to find it, though. It's pretty damn difficult for a package to get lost for more than a couple days in our facilities.

It's not that bad really.. (1)

marcushnk (90744) | more than 9 years ago | (#12743688)

Because the tapes were encrypted weren't they... er... Weren't they?

0.o

Lost? (2, Insightful)

kiddailey (165202) | more than 9 years ago | (#12743692)


Isn't this the second time (or more, most likely) that a set of shipped customer has been "lost?"

It's quite possible that the scum of the universe that feeds on harvested identities has gotten sophisticated enough that they are now able to identify such in-transit packages and have them go missing.

Bottom line -- companies should not be shipping this type of information via common carriers.

Declared Value: $200; Description: Backup tapes (1)

kiddailey (165202) | more than 9 years ago | (#12743716)


Just goes to show you that writing "Backup of customer data" in the goods declaration of the shipping form isn't a good idea ;)

Lecture Time (4, Insightful)

NetSettler (460623) | more than 9 years ago | (#12743720)

Having myself been lectured (and inappropriately, by the way) by Citibank employees about how it's my own fault my credit card interest rates went up (it wasn't, by the way), I hope at minimum that someone sits down the entire senior staff of this company and lectures them like they were children for many hours, making them feel as embarrassed and disrespected as they routinely do to their customers.

And then, just to make the point, they should have to pay not just whatever court-assessed penalties, but that amount plus 24.99% retroactively applied to the entire amount backdated from the time they finally pay all the way back to the time of the incident, just like they're always raising people's interest rates to unreasonable amounts like that even retroactively on purchases already made, and to ensure that they pay in a timely way.

And it goes without saying that reparations should be paid personally by the people who run the company, not passed along to customers.

Double the irony. (1)

qualico (731143) | more than 9 years ago | (#12743726)

"... was lost while being transferred to a credit reporting bureau"

Not sure what is more ironic, the fact that a shipping company can't even ship its own packages or that the information destined for a reporting bureau is now most likely going to destroy the credit of said patrons.

Welcome to the 21st century, where we are in total control of your personal data, not!
Way to go, double "Doh!"

Solution? Encryption (1)

guardiangod (880192) | more than 9 years ago | (#12743730)

The Inquirer had an article [theinquirer.net] talking about encrypting backup tape a few days ago.

Coincidence?

the usual place (1)

DuctTape (101304) | more than 9 years ago | (#12743731)

Maybe they didn't require a signature and just left it under the welcome mat.

DT

It's like the old joke (1)

Dark Paladin (116525) | more than 9 years ago | (#12743732)

What's the fastest way to transmit stolen data? Modem, T1, T3 - or a UPS truck full of tapes?

Who is collecting the lost info? Conspiracy afoot? (1)

iamcf13 (736250) | more than 9 years ago | (#12743754)

After learning about a string of these 'mishaps' here lately, I wonder who *really* has the lost data now and what are they going to do with it.

Mere fraud is too obvious and passe.

Could be the start of something more sinister....

Be on your guard, people.