Citigroup admits losing personal details of 4m customers

David Teather in New York
Tuesday June 7, 2005
http://www.guardian.co.uk

Citigroup yesterday admitted that it had lost the personal data of almost 4 million customers, the latest in a string of high-profile firms to mislay sensitive customer or employee information.

The company, the largest financial services group in the world, said computer tapes containing the personal information had been mislaid by United Parcel Service while on route to a credit-reporting bureau. The 3.9 million customers affected were all in the United States.

Kevin Kessinger, a vice-president in charge of consumer finance at the banking group, said: "We deeply regret this incident, which occurred in spite of the enhanced security procedures we require of our couriers."

He said the information would be sent electronically, in encrypted form, from July.

This latest loss will heighten consumer fears about the security of companies holding personal data and the risks of identity theft.

This year alone there has been a series of similar worrying incidents. Last month, the Bank of America said the account details of 108,000 customers had been stolen by former employees and sold on to a third party. Also in May, MCI and Time Warner said they had lost details including social security numbers of thousands of their employees.

In April, HSBC notified at least 180,000 people who used General Motors-branded MasterCards to make purchases at the clothing retailer Polo Ralph Lauren that criminals might have got hold of their credit card information.

The bank warned the hold ers to replace the cards immediately. Reed Elsevier, the Anglo-Dutch publishing group, admitted in April that data from 310,000 users of its LexisNexis research service had been stolen.

Identity theft, using another person's details to obtain loans or credit cards, or simply to make purchases using someone else's account, is a growing problem. The federal trade commission in the US recently said that around 10 million people discovered they were victims in 2003 alone.

Citigroup said it has no reason to believe that the information lost had been used inappropriately. The company said there was little risk of the accounts being compromised because affected customers had already received their loans. The bank did not say what kind of information had been lost.

All logos and trademarks in this site are property of their respective owner. FAIR USE NOTICE: This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available in our efforts to advance understanding of environmental, political, human rights, economic, democracy, scientific, and social justice issues, etc. We believe this constitutes a 'fair use' of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes. For more information go to: www.law.cornell.edu/uscode/17/107.shtml