CitiFinancial Drops Backup Tapes After Data Loss

CitiFinancial plans to begin encrypting data and sending it to credit bureaus electronically after data tapes containing the personal information of 3.9 million customers were lost by UPS.

CitiFinancial has begun notifying its Branch Network customers of the loss. The tapes contain customer names, Social Security numbers, account numbers and payment history.

“We and other lenders provide this information each month to credit bureaus to ensure that your credit report remains accurate and up-to-date,” the bank wrote in the letter to customers. “We send the information via nationally recognized couriers and require them to use enhanced security procedures to transport the tapes from our data center to the bureaus. Nonetheless, during a recent delivery, one of these couriers lost one box of tapes. Beginning next month the information we provide to credit bureaus will be sent via direct encrypted electronic transmission.”

The tapes contained information about CitiFinancial branch network customers in the U.S. as well as customers with closed accounts from CitiFinancial Retail Services. CitiFinancial said it has no reason to believe that the information has been used inappropriately, nor has it received any reports of unauthorized activity.

“We deeply regret this incident, which occurred in spite of the enhanced security procedures we require of our couriers,” Kevin Kessinger, executive vice president of Citigroup Global Consumer Group and president of Consumer Finance North America, said in a statement. “There is little risk of the accounts being compromised because customers have already received their loans, and no additional credit may be obtained from CitiFinancial without prior approval of our customers, either by initiating a new application or by providing positive proof of identification. Beginning in July, this data will be sent electronically in encrypted form.”

It is not clear how much CitiFinancial and Citigroup use tape backup for other purposes, and how much of that will be replaced with electronic encrypted backup. Calls to the company were not returned by press time.

Because of high-profile incidents like the one revealed Monday by CitiFinancial, data privacy and security issues have been growing in importance, with Congress moving toward a national data privacy law. Many of the revelations of data security breaches have come because of a California law requiring that such breaches be disclosed to California residents; Congress is modeling its national efforts in part on that law.

Back To Enterprise Storage Forum

Paul Shread
Paul Shread
eSecurity Editor Paul Shread has covered nearly every aspect of enterprise technology in his 20+ years in IT journalism, including an award-winning series on software-defined data centers. He wrote a column on small business technology for, and covered financial markets for 10 years, from the dot-com boom and bust to the 2007-2009 financial crisis. He holds a market analyst certification.

Latest Articles

Top 10 Data Recovery Certifications

Data recovery is the process to restore lost or corrupted data due to a disaster, and companies must data recovery experts to recover their...

Top 10 Companies Hiring for Data Recovery Jobs

Data recovery is a vital part of the technology industry today. When data is accidentally deleted, corrupted, lost, or damaged, there is a risk...

Data Recovery Q&A With Kathy Ahuja at Qumulo

Enterprise data is at constant risk of physical destruction, cyber attacks, and theft or unexpected system or hardware failure. To mitigate these risks, enterprises...