A division of Citigroup Inc. is the latest in a conga line of corporations to disclose a major gaffe involving sensitive consumer data.
The case highlights the growing vulnerability of consumer data, which has been increasingly targeted by would-be identity thieves or mishandled or lost by companies entrusted with financial information and other private information.
The company said today its CitiFinancial unit was alerting 3.9 million U.S. customers that computer tapes with Social Security data, account and other details were lost by United Parcel Service Inc. while in transit to a credit bureau. The tapes also contained information from customers with closed accounts from CitiFinancial Retail Services, but the tapes did not have any customer information from CitiFinancial Auto, CitiFinancial Mortgage or any other Citigroup business customers, the company said in a statement.
"There is little risk of the accounts being compromised because customers have already received their loans, and no additional credit may be obtained from CitiFinancial without prior approval of our customers, either by initiating a new application or by providing positive proof of identification. Beginning in July, this data will be sent electronically in encrypted form," Kevin Kessinger, executive vice president of Citigroup's global consumer unit and president of Consumer Finance North America, said in a statement.
While the company's admission of the problem is much better than waiting for customers or others to publicly report the problem first, the company still has work to do to get the word out to the millions who could be impacted by this error. CitiFinancial as of Monday night had not posted a warning about the problem on its Web site's main page. It would be prudent for the company to plaster notifications on the home page of the affected unit, instead of a press release that many consumers might not see right away. Parent company Citigroup does have a link to an announcement about the problem on its home page, though the information isn't highlighted as much as it should be (and is ironically placed next to a more prominently displayed PR piece by Citigroup on the company’s efforts to go after identity thieves). Citigroup has begun sending a letter to those who may be affected (see a PDF of the letter here). The company also points consumers to a tip sheet (also in PDF) with ways to prevent identity theft.
Citigroup's news isn’t good for affected consumers, Citigroup or UPS, which has egg on its face over the misplaced tapes. "Despite an exhaustive search for this package, we've been unable to find it," Norman Black, a UPS spokesman, told The Associated Press. The AP noted other similar cases that have cropped up in recent months, with Time Warner Inc., Wachovia Corp. and Bank of America Corp., all reporting their own mea culpas over missing or mishandled data.
The tapes were lost while being sent to credit agency Experian, Reuters reported. "We were moving this using an enhanced security procedure we specified and developed with (UPS)," Citigroup's Kessinger told the wire service.
The news is slated for the front page of The Washington Post tomorrow. The paper's Jonathan Krim noted that the Citigroup data breach is just one of many problems that companies in recent months have had safeguarding consumer data. The Citigroup case "pushes to more than 6 million the number of U.S. consumers whose personal data have been lost or stolen in just the past six months. The spate of breaches has included federal agencies, universities, banks and other financial institutions, data brokers, and data-storage companies," Krim wrote.
Even though Citigroup has said there are no signs that the data has been misused or been used for fraud, The Wall Street Journal said the "blunder constitutes a major embarrassment for both the big financial-services firm, which has built a large marketing effort around identity-theft protection, and the Atlanta-based shipping giant, which boasts of its ability to track packages closely."
UPS: If Data Is Not Your Forte, Try Fish
Speaking of UPS, there's no sign of the data breach on its Web site, but at least the company is publicizing that it successfully transported the "world's largest fish."
Intel's Slice of Apple
It's official: As expected and reported before the official cat was out of the bag, Apple Computer plans to use Intel's chips to power its Mac PCs, giving the boot to IBM. The Sydney Morning Herald, via a wire story, gave the news a sexy twist with its headline: "Apple Gets Into Bed With Intel." CNET's News.com's story on the development focuses on what developers make of the switch. Read Apple's official announcement online.
The Outsourcing Train Continues
If your favorite company's customer service line now rings to India to take your help calls, rest assured that even more companies will be shipping their business overseas in the near future to save money too. The Journal has picked up a new study on the outsourcing trend. Bottom line: It's here to stay, even if customer service has hit a low point with many of the outsoaring deals. An excerpt from the article: "Companies that purchase technology services expect to increase the amount of work they outsource in the year ahead despite declining satisfaction with offshore providers and a surge in prematurely terminated contracts, according to a broad survey of executives to be released today," the paper said of the survey of 250 execs from consulting firm DiamondCluster International.
So what you're really saying is that I would have been better off getting a fish instead of a loan? Hmm, have to think about that. But what I really don't understand is why we're now outsourcing our fish too? I bet there are some good American fish without a new aquarium to swim in because of this!
Posted by: terry | 2005.06.07 at 01:55 PM
As IT Manager of Cardiology I deal everyday with the HELP! Desk of our primary vendor. It is one of the largest medical technology companies in the world and used overseas Help Desk service. After each service call or installation I am contacted by Gallup Survey for my rating of sevice provided. Each time I highly rate the actual service and place HELP Desk service in the basement. The problem is simple. English is a complex language and merely learning to speak english is not going far enough. The useage of words and grammar within the english language is of great importance when a complex problem is being communicated. Invariably the foreign Help Desk staff member tries to understand my problem but 90% of the time fails to properly re-communicate the situation. Technicians for the vendor have told me they deal with the same problem in reverse. When contacted by the Help Desk the initial problem has been altered so much by the language barrier that it is often completely misunderstood. I was seeking a technician for a specific server on one occassion and the Help Desk had a Nuclear Imaging Engineer contact me. It took us a minute to understand what happened and the engineer retraced the Help Desk path to get proper technical advice for me the customer.
I always tell the vendor they need to bring the Help Desk back to the U.S.A. or suffer customer dissatisfaction that could lead to loss of customers.
Posted by: Wayne L. Sewell | 2005.06.07 at 11:16 AM