Adam Fields (weblog)


6/7/2005

Citibank loses data on four million customers

Filed under: — adam @ 9:58 am

Barn door, meet horse-shaped vacuum.

Identifying data on 4 million Citigroup customers was “lost” when a UPS package containing unencrypted tapes went missing in early May.

CitiFinancial said in its statement that the data loss “occurred in spite of the enhanced security procedures we require of our couriers.”

It said there was little risk of the accounts being compromised because most customers already had received their loans and that no additional credit could be issued without the customers’ approval.

Debby Hopkins, chief operations and technology officer for Citigroup, said that the tapes were produced “in a sophisticated mainframe data center environment” and would be difficult to decode without the right equipment and special software.

Hopkins said most Citigroup units send data electronically in encrypted form and that CitiFinancial data will be sent that way starting in July.

http://www.wired.com/news/privacy/0,1848,67766,00.html

Basically, what this tells me is that “secure” financial identification data on every American with a bank or brokerage account has been stolen or very likely will be in the next two years. There’s nothing that anyone is doing that can stop it. It’s time we turned our attention towards making that data useless for fraud. I propose a two-pronged attack:

1) The end of the instant credit era.
2) Flood the system with garbage data that looks like real data, but is meaningless.

[Update: I've been thinking about this. WHY DID THIS SET OF TAPES EVEN EXIST? Is there any possible good reason for a company to have all of this data in one place?]

