Bank loses 3.9 million customers' data

[Sam]

HEAD'S UP PEOPLE!!! BEWARE!!! BE CAREFUL AND STAY SAFE AS POSSIBLE!!!

Just how safe is YOUR data??? How many people have access to your SSN? Your place and date of birth? Your full given name?
Think about these things .ok don't think you have anything to be afraid of........don't whine or complain IF you become a victim of "identity theft"
After all.you might nt see anything wrong with this until it happens to you or to a personal friend.

What would you have done with YOUR or anyone else's personal data? Who would you willingly allow to have accesss or it to be sold to? Do you think Banks or financial instituions or others, should have access to your data when the goverment does not?
Why should those institutions ( not to mention credit agencies) be allowed access to such data?

Why would or should they want to keep track of every American but allow how many illegal aliens and undocumented workers that they nevewr see??? Call it what you will......
I know of several people that have been victims of identity fraud...and have lost untold thousands of dollars and are currently fighting to regain their good name and prove who they are.
I am a firm believer this is a most heinous and damaging and deadly crime.
NO ONE SHOULD BELIEVE THE INTERNET IS EVER 100% SAFE!

Does anyone besides me, believe that besides making restitution where possible,.....after all the persons lives they ruined...., The BLEEPING BLEEPS THIEVES, should be drugged and/or forced to tell how they did it before they are executed in a most inhumane and execrutiatingly painful manner?

What do you think should be done with such lowlife creatures that ruin people's lives in such manner?

How would you feel IF it happened to you or your loved one(s)

**************************************************************

http://moneycentral.msn.com/content/inv ... p?GT1=6583

**************************************************************



Bank loses 3.9 million customers' data

Tapes including payment histories, Social Security numbers were on their way to a credit reporting bureau. CitiFinancial tells customers to watch their accounts more closely.

By The Associated Press

CitiFinancial, the consumer finance division of Citigroup (C, news, msgs), said Monday it had begun notifying some 3.9 million U.S. customers that computer tapes containing information about their accounts -- including Social Security numbers and payment histories -- have been lost.

Citigroup, which is based in New York, said the tapes were lost by the courier UPS (UPS, news, msgs) in transit to a credit bureau.

The bank said the tapes contained information about both active and closed accounts at CitiFinancial's branch network. It said they did not contain information from CitiFinancial Auto, CitiFinancial Mortgage or any other Citigroup business.

The statement said that CitiFinancial "had no reason to believe that this information has been used inappropriately, nor has it received any reports of unauthorized activity."Start investing with $100.
Explore our
new ETF center.



Norman Black, a spokesman for Atlanta-based UPS, confirmed that the tapes were missing.
"Despite an exhaustive search for this package, we've been unable to find it," Black said.

The breaches continue
It was the latest in a series of data losses or breaches that have forced financial institutions and other data collectors to warn customers that their personal information may be at risk.

Last month, media and entertainment company Time Warner Inc. said that computer backup tapes containing data on 600,000 individuals were lost by an outside data storage firm.

The data covered current and former employees going back to 1986, as well as some of their dependents and beneficiaries, the company said. It did not include personal data on Time Warner customers, the company said.

Also in May, more than 100,000 customers of Wachovia Corp. and Bank of America Corp., both headquartered in Charlotte, N.C., were notified that their financial records may have been stolen by bank employees and sold to collection agencies. And in April, Ameritrade Holding Corp., a leading online discount broker, said it had informed some 200,000 current and former customers that a backup computer tape with personal information had been lost.

Kevin Kessinger, executive vice president of Citigroup's Global Consumer Group and president of Consumer Finance North America, told The Associated Press that the tapes left CitiFinancial on May 2 and were discovered missing on May 20.

Notification of customers was delayed at the request of the Secret Service, which is investigating the loss of the tapes, he said.

Watch your accounts
Kessinger said the bank's letter encouraged consumers to review activity on all their accounts to make sure nothing suspicious was occurring. He said CitiFinancial also was arranging for all affected customers to sign up free of charge with a credit monitoring service for 90 days. And, he said, if a customer is victimized, they will get free help from Citigroup's Identity Theft resolution service.

"Clearly we regret that this happened with our customers," Kessinger said. "We're trying to be upfront -- to communicate and to talk about what the issues are."

CitiFinancial said in its statement that the data loss "occurred in spite of the enhanced security procedures we require of our couriers."

It said there was little risk of the accounts being compromised because most customers already had received their loans and that no additional credit could be issued without the customers' approval.

Debby Hopkins, chief operations and technology officer for Citigroup, said that the tapes were produced "in a sophisticated mainframe data center environment" and would be difficult to decode without the right equipment and special software.

Hopkins said that most Citigroup units send data electronically in encrypted form and that CitiFinancial data will be sent that way starting in July.

[DonnaKayDunbar]

This is why my money is in a nice, small, LOCAL credit union.

[land_shark3]

This is why my money is in a nice, small, LOCAL credit union.

Similar to you, that's why I keep my money nice and small.

[sy]

This is a little of a side tangent to this, but I think still valid

It might already be knowledge to most, but I still find it very interesting that people will get all panicky when they read a story like this, and yet, on a daily basis, I watch people throw away receipts in public trash cans, write checks while people around them can easily read their information, order things over the phone while reciting their credit card number in the supermarket, recite passwords to others and over the phone, set up wireless networks with no security, and so on.

But then, I truly think a lot of people just assume nothing can happen to them. Two perfect examples, a) one of the local gas stations near me does not XXXX out the credit card number on their receipts, and it is fully printed. Someone dropped a receipt on the floor and I picked it up and handed it to them, very simply pointing out that fact. They just shrugged, took it, and threw it in the trash can. b) my neighborhood has 7 wireless networks (computer networks) that I can access. By access, I mean I can actively access their home machines, print to their printer, view their information, including their tax information, bank information, and so on. I only knew who two of the networks belonged to (based on how they named it), the one person was actually thnakful and immediately set it up correctly. The other person, who is really such a redneck piece of white trash, I'm surprised he even knows how to turn on a computer, cursed me out for looking, which I didn't.

People generally have no clue how simple it is to get their information and use it against them on a daily basis.

I'm done ranting. Sorry. A bit peeved today. Back to your regular programming.

[TheSecretsInTheCrust]

You mean they LOST that $1.2 Million deposit I made

[Sam]

This is a little of a side tangent to this, but I think still valid

It might already be knowledge to most, but I still find it very interesting that people will get all panicky when they read a story like this, and yet, on a daily basis, I watch people throw away receipts in public trash cans, write checks while people around them can easily read their information, order things over the phone while reciting their credit card number in the supermarket, recite passwords to others and over the phone, set up wireless networks with no security, and so on.

But then, I truly think a lot of people just assume nothing can happen to them. Two perfect examples, a) one of the local gas stations near me does not XXXX out the credit card number on their receipts, and it is fully printed. Someone dropped a receipt on the floor and I picked it up and handed it to them, very simply pointing out that fact. They just shrugged, took it, and threw it in the trash can. b) my neighborhood has 7 wireless networks (computer networks) that I can access. By access, I mean I can actively access their home machines, print to their printer, view their information, including their tax information, bank information, and so on. I only knew who two of the networks belonged to (based on how they named it), the one person was actually thnakful and immediately set it up correctly. The other person, who is really such a redneck piece of white trash, I'm surprised he even knows how to turn on a computer, cursed me out for looking, which I didn't.

People generally have no clue how simple it is to get their information and use it against them on a daily basis.

I'm done ranting. Sorry. A bit peeved today. Back to your regular programming.

Hi ya!
YES you are quite RIGHT! , most common things to prevent identity thefts are mostly very simple and uncomplicated and can be easily used by anyone.

The thing in this particular case is that a company is blaming a courier for losing the personal data.something that is beyond the "common" person's hands.

It goes to show just how safe your/my/ our personal really is out there, once it gets out, it is open territory for anyone to get or use as they choose... and the info cannot be retracted.

There is actual very little security on the internet as a whole.

I HIGHLY RECCOMMEND the book "HACKING EXPOSED". it is around $40.00-$50.00. It will NOT teach you how to hack or become a hacker. IT WILL TELL you how to protect your computer and yourself ........
you can visit their website www.hackingexposed.com ( I think is correct).

I agree with you that too many people often throw away items or speak of items that allow someone with unscrupulious intent to take advantage of them....in the Air Force, We called them Essential Elements of Friendly Information......Think of it like building a jigsaw puzzle....all the little pieces add up and you get a big picture....


Protect yourself as best you can.

Sam

[phjrsaunt]

I DO know how it feels to have your personal information "out there somewhere." I'm one of 60,000 former Time Warner employees whose personal data was "lost" by a data storage company.

It's sad to say, but life is really all about your credit report.

[Lightning Bolt]

You wanna do more to protect yourself?

Quit using Big Brother (Microsoft) Explorer browser software that has security holes you could drive a truck through.

If that doesn't help you sleep any better, try a ***** (or two) with your next boat drink

Still freaking out??
Hell, what are you doing reading this, then?
Chuck your computer immediately into the nearest river, withdraw all your money from wherever, load all your guns
(including ALL your extra clips -- you know who you are, out there ) and HEAD FOR THEM THAR' HILLS!
You already have your survival rations in place anyway, and this is, truly, the beginning of Armegeddon.

The rest of you out there... Have a nice day!

[RinglingRingling]

With the explosion of these stories in the last year:

Hackers attack supposedly-secure databases, or just run sideways once they are inside
Couriers lose tapes with information (two of these)
medical records disposed of improperly (local collection agency did not shred data, although if you are in collections, the chance of useful ID theft is probably smaller than the regular population)
check processing facilities employees pull SSNs off checks going thru the machines for ID theft
Use of credit information for job interview purposes

makes you wonder about

a) just how often this stuff was going on before it got to be the hot topic
b) just how secure you can make yourself short of paying for everything in cash
c) if the SSN was not meant to be used as an ID, why it has become so prevalent and why there are not requirements in place for additional hidden-keys that do not appear on the records for confirmation purposes.

[AlbatrossFlyer]

1) the bank didn't lose the tapes, UPS lost them. don't blame citicorp.

2) the tapes were highly encrypted.

[sy]

makes you wonder about

a) just how often this stuff was going on before it got to be the hot topic

b) just how secure you can make yourself short of paying for everything in cash

c) if the SSN was not meant to be used as an ID, why it has become so prevalent and why there are not requirements in place for additional hidden-keys that do not appear on the records for confirmation purposes.

The above was probably rhetorical, but I thought I'd throw my .04 in, just because I always feel a personal need to try and make people aware of these types of things (hope no one minds or takes offense).

a) I can tell you first hand that it was going on waaaayyy before this. Now, it's just a lot easier. This is going to sound very contradictory, but hackers nowadays have far fewer ethics than twelve-fifteen years ago, they're also far younger and have far more toys to play with. While it was very prevalent back then, there was still a fine line that was drawn about ruining another's life, though there were always exceptions.

b) Just by being careful. I've given many a seminar and training course in the past on security and theft, and you'd be very surprised (or not) how many people are surprised that they should actually look at their credit report, and that they shouldn't be sitting in the middle of public ordering something on the phone, broadcasting their credit card number. Even more surprised they were when I said they should always make a habit of getting their mail as soon as they get home. One of the easiest ways to get information is to simply lift someone's mail. You don't need to break into a bank's systems to get someone social security number and vitals to open credit accounts and so on.

c) because the social security number is the universal unique identifier. Companies are lazy, uneducated, or just don't want to institute their own systems. There actually are other requirements by law depending on the state, but they aren't enforced. But, at least in PA, you are not required by any law to provide your social security number to anyone other than a few select cases, though companies can reject you if you don't. Both have their own perogative.

:Stepping off the soap box now: Hope that little bit of info helps someone out there if they didn't already know.

[chalksoperations]

Did they look under the couch?








.........maybe they should look under the couch.

[SMLCHNG]

1) the bank didn't lose the tapes, UPS lost them. don't blame citicorp.

2) the tapes were highly encrypted.

Thanks, Charlie.. I was also going to point that out, as well.

[SMLCHNG]

Did they look under the couch?




.........maybe they should look under the couch.

Maybe in the refrigerator?

[phjrsaunt]

Did they look under the couch?








.........maybe they should look under the couch.

As a matter of fact, YES! They EVEN looked in the refrigerator!!

[FinzEast]

I think it's with all those missing left socks

[Sam]

There are hackers and there are crackers.....then you have have the script kiddies.....

Most hackers did not really hurt anyone personally at one time,.....though that may have changed.....now that getting personal ID has become a valuable business.

Linux and other systems may offer some security but nothing beats keeping private stuff private.

Granted identity theft has been going on for many years, long before the "electronic age" ...such as going to a graveyard and finding the name of a dead person that died very young,getting a birth certificate for that person,and an SSN, and creating a legend for that person. Don't try this in the computer age....you will regret it.

People need to be and must be more aware of their vulnerability...and to take neccessary precautions.....I personally know of several people that are still trying to prove themselves as to who they really are and fighting creditors to restore their good credit.

Recently a friend told me of a co-worker ( that has no idea of how it happened) thought the spouse removed a substantial ammount of money from the account. I will not elaborate much on it because the case is still pending. BUT I can say, while the person was in the bankand trying to figure out what happened, someone claiming to be the spouse called in and wanted to know why the account was closed. The person was located in another state and was tracked down and arrested and was unknown to either spouse.

In this day and age one must be more careful than ever in placing personal info over the net and should know who and why the persons need access to it.

According to the SSN LAW or RULES that were originally written the SSN was NEVER meant to be used for ID purposes...Tell it to the IRS...any postal employee can easily read anyone's SSN number as a Taxpayer ID #. Clearly the IRS has violated or circled around the Law ( GEE what else is new?) States that use SSN #s for driver's licenses, police are not suppose to call them in to be run because anyone with a scanner can listen in and get all the personal info. Anytime you are stopped generally most departments will run a background check to see if the person is wanted.....how many innocent people are let off with a warning? Yet their info is out there for anyone to grab.

There is much to be said about electronic security.... www.epic.org is the best source out there, but not the only one.

Anyone ever hear of "ECHELON" or "CARNIVORE" ? ( "CARNINVORE" has a new and less hostile name, btw...)

http://www.fas.org/irp/program/process/echelon.htm No Such Agency (NSA)has been one of the best kept secrets for well over 30 years. They refuse to explain why they have "non-existant" bases in places such as Austrailia. They can legally do what they do in Austrailia, what they cannot legally do in the U.S., so they do not violate the U.S. Constititution and law.

But that has nothing to do with personal identity theft but I do refer people to EPIC.org for further info.

[sy]

People need to be and must be more aware of their vulnerability...and to take neccessary precautions.....I personally know of several people that are still trying to prove themselves as to who they really are and fighting creditors to restore their good credit.

And for the love of anything good, I can't say this enough, if you have a wireless network, or you do put sensitive information on your machine, educate yourself. Even the most reformed hacker is going to see your machine as a golden opportunity of curiosity. No one I ever talk to thinks it is a big deal, but if your wireless network is not secure, or your machine is not secure in general, it really is not hard at all to get into it, take your turbotax information, email, business documents, etc.

There are groups across America that make a habit of driving through neighborhoods for just that purpose; to access unsecure wireless networks and see what they can see. It's called WarDriving. Yes, it's illegal. In the United States, accessing the files on an open network is illegal under both federal and state laws, as is using the Internet connection of an open wireless network. True wardrivers are only collecting information about the particular access point, and really want nothing to do with the machine itself. But that does not stop the little 17 year old from following behind with malicious intent.

Either way, educate yourself. There are few things I hate more than to see someone accidentally become a victim because they just didn't know.