This website does readability filtering of other pages. All styles, scripts, forms and ads are stripped. If you want your website excluded or have other feedback, use this form.

Citigroup's Lost Tapes Cast Spotlight On Data Security -- Security -- InformationWeek

success fail Aug JUL Feb 11 2006 2007 2009 12 captures 14 Dec 2005 - 18 Oct 2016 About this capture COLLECTED BY Organization: Internet Archive The Internet Archive discovers and captures web pages through many different web crawls. At any given time several distinct crawls are running, some for months, and some every day or longer. View the web archive through the Wayback Machine. Collection: nsdlweb this data is currently not publicly accessible. TIMESTAMPS

IT News from Enterprise Product Reviews from Enterprise Software News from IT Security News from Enterprise Storage News From VoIP News from IT Management Insights from Business News from Customize Your News with My

CMP - United Business Media


Business Innovation Powered By Technology

Part of the TechWeb Business Technology Network

Get News On Your Phone


»  Print
»  Discuss
»  Write To Editor

»  Slashdot
»  security stories

Citigroup's Lost Tapes Cast Spotlight On Data Security

Banks are considering a variety of measures to tighten the security for customer information.

By Steven Marlin
June 7, 2005 02:00 PM

This week's disclosure by Citigroup that a box of tapes containing information on 3.9 million customers was lost in transit has again pointed out the chain of vulnerabilities that banks need to strengthen to guarantee the security of customer data.

The tapes contained Social Security numbers, names, account numbers, and payment histories on customers of CitiFinancial, which provides personal, auto, and home-equity loans. The tapes also contained information on customers with closed accounts from CitiFinancial Retail Services, which provides private-label credit cards for retailers.

The tapes were picked up from a Citigroup data center by UPS Inc. on May 2, bound for a data center in Texas operated by Experian, a credit bureau. Citigroup was notified by Experian on May 20 that the box hadn't arrived; three days later it confirmed that the box was missing, whereupon it notified the Secret Service. UPS hasn't recovered the box, but says there's no indication it was stolen. The tapes were unencrypted; starting next month, the bank will begin sending the data electronically in encrypted form. The decision to do so was made prior to this week's disclosure, a spokesman says.

Banks, like all corporations handling customer data, are under intense pressure to revamp their data-protection policies. Following California's lead, eight states (Arkansas, Florida, Georgia, Indiana, Illinois, Montana, North Dakota, and Washington) as well as New York City have passed notification laws regarding information-security breaches. The patchwork of state laws is driving up compliance costs for companies, says Chris Wolf, partner and head of the privacy and data-security practice at law firm Proskauer Rose LLP. Federal laws now working their way through Congress would pre-empt many of the state laws, easing the compliance burden, he says.

Banks have set a high priority on initiatives related to data security. Banks in the United States will spend $1.6 billion on IT security this year, making up 4.1% of total IT spending, according to research firm Celent Communications. Among the top security budget items are combating insider fraud, achieving compliance, two-factor authentication, awareness and education, and anti-spyware and other tools for preventing malicious attacks.

In light of the disclosures by Citigroup and Bank of America, which reported in February that tapes containing information on 1.2 million customers were lost in transit, banks are likely to accelerate adoption of methods for better securing customer data, such as encrypting all data, tightening physical security, and installing perimeter defenses such as firewalls and intrusion-detection systems.

Still, despite the public brouhaha over customer data protection, it may take banks a while to implement all these changes. "We're looking at a redefinition of processes," says Celent analyst Jacob Jegher. "Big banks have a lot of technology and processes, which take time to change." The practice of externally shipping tapes off-site is still quite common and is unlikely to disappear, he says.

Subscribe to RSS

»  Print
»  Discuss

»  Slashdot
»  Reprint This Article
»  Download Top Reports

CAREER CENTER Ready to take that job and shove it? |

Employers: Give your recruitment message influence. Advertise in the InformationWeek 500.

  • Post Your Resume
  • Employers Area
  • News & Features
  • Blogs & Forums
  • Career Resources

    Browse By:
    State | City

    Monsanto seeking IT Team Lead in St. Louis, MO

    ITT Corporation seeking Manager, IT Business Systems in Fort Wayne, IN

    University of Idaho seeking Server Systems Analyst in Moscow, ID

    Monsanto seeking Application DBA in St. Louis, MO

    Monsanto seeking Java Developer in St. Louis, MO

    For more great jobs, career-related news, features and services, please visit our "Career Center.

    CAREER NEWS Editor's Note: Guess Who's Getting Harassed At Work If you guessed women, you're partially right. What you likely don't realize is that more men are getting sexually harassed at work, while the reports of female harassment incidents are on the decline.

    Career Profile: CIO/Charleston Southern University Rusty Bruns isn't a big fan of whiners or those with big egos. He says his career success is due to many things learned from a mentor including leading by example rather than by authority.

    More articles from our career center

    Related Stories

    Related White Papers

    Specialty Resources

    Featured Microsite


    Subscription Info
    Apply for a free 52-week subscription to InformationWeek (a $199 value)

    NOTE: Offer valid for U.S., U.S. possessions, & Canada only

    Terms of Service | Copyright © 2007 CMP Media LLC, All rights reserved.