CitiFinancial Drops Backup Tapes After Data Loss

CitiFinancial plans to begin encrypting data and sending it to credit bureaus electronically after data tapes containing the personal information of 3.9 million customers were lost by UPS.

CitiFinancial has begun notifying its Branch Network customers of the loss. The tapes contain customer names, Social Security numbers, account numbers and payment history.

“We and other lenders provide this information each month to credit bureaus to ensure that your credit report remains accurate and up-to-date,” the bank wrote in the letter to customers. “We send the information via nationally recognized couriers and require them to use enhanced security procedures to transport the tapes from our data center to the bureaus. Nonetheless, during a recent delivery, one of these couriers lost one box of tapes. Beginning next month the information we provide to credit bureaus will be sent via direct encrypted electronic transmission.”

The tapes contained information about CitiFinancial branch network customers in the U.S. as well as customers with closed accounts from CitiFinancial Retail Services. CitiFinancial said it has no reason to believe that the information has been used inappropriately, nor has it received any reports of unauthorized activity.

“We deeply regret this incident, which occurred in spite of the enhanced security procedures we require of our couriers,” Kevin Kessinger, executive vice president of Citigroup Global Consumer Group and president of Consumer Finance North America, said in a statement. “There is little risk of the accounts being compromised because customers have already received their loans, and no additional credit may be obtained from CitiFinancial without prior approval of our customers, either by initiating a new application or by providing positive proof of identification. Beginning in July, this data will be sent electronically in encrypted form.”

It is not clear how much CitiFinancial and Citigroup use tape backup for other purposes, and how much of that will be replaced with electronic encrypted backup. Calls to the company were not returned by press time.

Because of high-profile incidents like the one revealed Monday by CitiFinancial, data privacy and security issues have been growing in importance, with Congress moving toward a national data privacy law. Many of the revelations of data security breaches have come because of a California law requiring that such breaches be disclosed to California residents; Congress is modeling its national efforts in part on that law.

Back To Enterprise Storage Forum

Paul Shread
Paul Shread
eSecurity Editor Paul Shread has covered nearly every aspect of enterprise technology in his 20+ years in IT journalism, including an award-winning series on software-defined data centers. He wrote a column on small business technology for Time.com, and covered financial markets for 10 years, from the dot-com boom and bust to the 2007-2009 financial crisis. He holds a market analyst certification.

Latest Articles

IBM Brings Ransomware Protection, as-a-Service Options to FlashSystem Arrays

The tech giant addresses cybersecurity concerns with new security capabilities added to its FlashSystem all-flash storage arrays.

AWS Provides High-Performance SAN in the Cloud

The move by Amazon Web Services is designed to deliver performance-intensive, mission-critical workloads into the cloud.

Top Data Management Platforms & Systems 2021

Data management platforms collect, organize, maintain, and store data for future use. Explore top systems now.