Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Citibank admits: We've lost the backup tape
The Register ^ | Tuesday 7th June 2005 | Andrew Orlowski

Posted on 06/08/2005 2:22:59 PM PDT by softengine

The retail finance division of Citigroup has admitted that a backup tape containing personal information on almost 4 million customers has gone missing. The United Parcel Service lost the tape on May 2nd, and it hasn't been seen since. CitiFinancial only noticed the tape was missing on May 20. The tape contains Social Security numbers and transaction histories on both open and closed accounts at the bank’s lending branches.

Citigroup says it has no reason to believe the tape has been stolen, but alarmingly, the tape hasn't shown up at any UPS depot despite six weeks of searching.

The company admitted that it doesn't use encryption on its electronic transmissions, nor explained why it took so long to notify the public.

Earlier this year a backup tape belonging to Ameritrade went astray, with personal information on 200,000 customers; Time Warner lost a tape containing information on 600,000 individuals, and Bank of America and Wachovia suffered a data breach affecting 100,000 customers each in May.

Customers are advised to call 866-452-2484 ®


TOPICS: Business/Economy; News/Current Events
KEYWORDS: bank; banking; citigroup; database; datasecurity; identitytheft; missing; ups
Navigation: use the links below to view more comments.
first 1-5051-60 next last
"The company admitted that it doesn't use encryption..."

All together now folks - Holy Sh.......

1 posted on 06/08/2005 2:23:01 PM PDT by softengine
[ Post Reply | Private Reply | View Replies]

To: softengine
"The company admitted that it doesn't use encryption..."

That is flat out stupid. Granted the encrypion built into most backup software is week, but not using it is unacceptable for a financial institution.

2 posted on 06/08/2005 2:25:06 PM PDT by Dinsdale
[ Post Reply | Private Reply | To 1 | View Replies]

To: softengine

Whoa.


3 posted on 06/08/2005 2:25:26 PM PDT by mewzilla
[ Post Reply | Private Reply | To 1 | View Replies]

To: softengine

If you knew some of the stuff that I have seen about the data that banks have sent through UPS without encryption or security safeguards or even checking out where they are sending it, you'd drop a cinder block.


4 posted on 06/08/2005 2:25:51 PM PDT by dirtboy (Drooling moron since 1998...)
[ Post Reply | Private Reply | To 1 | View Replies]

To: softengine

Did they ever stop to think to use UPS package tracking? My guess is at this point, the tape is stolen.


5 posted on 06/08/2005 2:26:19 PM PDT by BigSkyFreeper (Whop-bobaloobop a WHOP BAM BOOM!!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: softengine

Does anybody ever get fired over this? Geez, this is data security 101.


6 posted on 06/08/2005 2:26:57 PM PDT by Unknown Freeper (Doing my part...)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Unknown Freeper

I'll bet some high-ranking CEO got promoted over this fiasco.


7 posted on 06/08/2005 2:27:57 PM PDT by BigSkyFreeper (Whop-bobaloobop a WHOP BAM BOOM!!)
[ Post Reply | Private Reply | To 6 | View Replies]

To: BigSkyFreeper

Pachage tracking, who'd have thunk... Lol.


8 posted on 06/08/2005 2:28:18 PM PDT by softengine (The revolution will be televised.)
[ Post Reply | Private Reply | To 5 | View Replies]

To: softengine
"The company admitted that it doesn't use encryption..." All together now folks - Holy Sh.......

You wouldn't encrypt a backup... but then wouldn't/shouldn't ship your off-site backup tape via UPS so it could get lost

9 posted on 06/08/2005 2:30:32 PM PDT by tophat9000 (When the State ASSUMES death...It makes an ASH out of you and me..)
[ Post Reply | Private Reply | To 1 | View Replies]

To: softengine
Banks are dinosaurs. They're using old-fashioned tape technology and plain-text. I'm surprised the headline wasn't "Bank loses deck of punch cards".
10 posted on 06/08/2005 2:31:09 PM PDT by FreedomAvatar (Gravity is only a theory - Teach the controversy)
[ Post Reply | Private Reply | To 1 | View Replies]

To: softengine

Well, people like me who depend on UPS in the future will "benefit" from the higher shipping fees amid lawsuits from angry Citibank customers. You just know lawsuits are in the pipe.


11 posted on 06/08/2005 2:32:10 PM PDT by BigSkyFreeper (Whop-bobaloobop a WHOP BAM BOOM!!)
[ Post Reply | Private Reply | To 8 | View Replies]

To: softengine

Aaaaaarrrrgh!

Citibank is *my* bank!

But then, everybody already knows that by now....


12 posted on 06/08/2005 2:32:45 PM PDT by highball
[ Post Reply | Private Reply | To 1 | View Replies]

To: FreedomAvatar
Banks are dinosaurs.

I got a friend in Mississippi who repairs and fixes bank teller machines. He said the ones he works on use OS/2 Warp.

13 posted on 06/08/2005 2:33:16 PM PDT by BigSkyFreeper (Whop-bobaloobop a WHOP BAM BOOM!!)
[ Post Reply | Private Reply | To 10 | View Replies]

To: tophat9000
You wouldn't encrypt a backup... but then wouldn't/shouldn't ship your off-site backup tape via UPS so it could get lost.

Agreed. I've worked at several banks and the backups weren't encrypted. But the tapes were hand-couriered to and from the "iron mountain" offsite storage and checked in/checked out on both ends. We never sent them via common carrier!

Speaking of bank screwups, a very large bank who shall remain nameless keeps sending me CDs of customer data for the wrong company. I've told them repeatedly to cease and desist but it happens 2 or 3 times a year.

LQ

14 posted on 06/08/2005 2:33:45 PM PDT by LizardQueen (The world is not out to get you, except in the sense that the world is out to get everyone.)
[ Post Reply | Private Reply | To 9 | View Replies]

To: softengine
["The company admitted that it doesn't use encryption..."

All together now folks - Holy Sh.......]

What part about 'security' do these folks not understand?

Who are these people, really?

15 posted on 06/08/2005 2:35:48 PM PDT by cricket
[ Post Reply | Private Reply | To 1 | View Replies]

To: softengine

They should have sent it regular US Mail. The credit card bill they send me every month never fails to get here. NEVER,NEVER,NEVER.


16 posted on 06/08/2005 2:36:44 PM PDT by DancesWithTrout
[ Post Reply | Private Reply | To 1 | View Replies]

To: highball
"Citibank is *my* bank! But then, everybody already knows that by now...."

LOL. . .but no laughing matter, of course.

17 posted on 06/08/2005 2:37:24 PM PDT by cricket
[ Post Reply | Private Reply | To 12 | View Replies]

To: softengine

on tape??? tape???

not encrypted???

sent by UPS???

How can these people be so stupid???

Not only should people be fired, the whole division should be shut down for incompetence. If laws were broken, they should be prosecuted to the max. This is unbelievable.


18 posted on 06/08/2005 2:39:13 PM PDT by JWinNC (www.anailinhisplace.net)
[ Post Reply | Private Reply | To 1 | View Replies]

To: BigSkyFreeper
I'll bet some high-ranking CEO got promoted over this fiasco.

Then promptly has his identity stolen if there's any justice.

19 posted on 06/08/2005 2:40:32 PM PDT by mewzilla
[ Post Reply | Private Reply | To 7 | View Replies]

To: softengine

_______________________ you-are-scrd
Customers are advised to call 866-452-2484


20 posted on 06/08/2005 2:40:44 PM PDT by OB1kNOb (Excrementum Occurum)
[ Post Reply | Private Reply | To 1 | View Replies]

To: softengine

So? What's the worst that could happen?


21 posted on 06/08/2005 2:40:53 PM PDT by pabianice
[ Post Reply | Private Reply | To 1 | View Replies]

To: highball
Citibank is *my* bank!

You know, my mattress is startin' to look pretty good...

22 posted on 06/08/2005 2:41:32 PM PDT by mewzilla
[ Post Reply | Private Reply | To 12 | View Replies]

To: softengine

Well isn't this forking wonderful. I have THREE Citibank accounts...two credit cards and a personal loan...


23 posted on 06/08/2005 2:42:41 PM PDT by RockinRight (Conservatism is common sense, liberalism is just senseless.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: mewzilla

LOL! That too!


24 posted on 06/08/2005 2:44:29 PM PDT by BigSkyFreeper (Whop-bobaloobop a WHOP BAM BOOM!!)
[ Post Reply | Private Reply | To 19 | View Replies]

To: softengine

It don't matter........ I figure the only reason we don't have more ID theft is because we don't have enough talented crooks. In this day and age, financial data is soooo easy to get, I'm amazed the system hasn't collapsed due to bilking.


25 posted on 06/08/2005 2:46:55 PM PDT by umgud (FR, NASCAR, NRA, GOP)
[ Post Reply | Private Reply | To 1 | View Replies]

To: LizardQueen

my limited understanding is that in Canada that the major banks here operate parallel central computer systems so if one goes down, the other system can continue whilst the other system is being repaired


26 posted on 06/08/2005 2:56:52 PM PDT by littlelilac
[ Post Reply | Private Reply | To 14 | View Replies]

To: LizardQueen
Agreed. I've worked at several banks and the backups weren't encrypted. But the tapes were hand-couriered to and from the "iron mountain" offsite storage and checked in/checked out on both ends. We never sent them via common carrier!

Speaking of bank screwups, a very large bank who shall remain nameless keeps sending me CDs of customer data for the wrong company. I've told them repeatedly to cease and desist but it happens 2 or 3 times a year.

I know this is just very sloppy "rookie" type IT mistake...as an FE the first thing I learned is Customer data is SACRED!...this is the complete (potentially irreplaceable) business on these tapes...physically treat them as such... but I've seen this kind of dumbness before...you burn, you learn

27 posted on 06/08/2005 2:58:26 PM PDT by tophat9000 (When the State ASSUMES death...It makes an ASH out of you and me..)
[ Post Reply | Private Reply | To 14 | View Replies]

To: softengine

So exactly what DO they do for security then, and what IS the frequency Kenneth?


28 posted on 06/08/2005 3:04:17 PM PDT by combat_boots (Dug in and not budging an inch. NOT to be schiavoed, greered, or felosed as a patient)
[ Post Reply | Private Reply | To 1 | View Replies]

To: softengine
"The United Parcel Service lost the tape on May 2nd..."

I hope someone sues that POS company out of existence. Every single time I've used their "delivery service," the order has been damaged or otherwise gone awry.

Oh, but they can fill out one of those post-it "We were here" forms faster than you can put your coffee mug down and walk to the door. They're excellent at filling out those notices.
29 posted on 06/08/2005 3:05:16 PM PDT by Ghost of Philip Marlowe (Liberals are blind. They are the dupes of Leftists who know exactly what they're doing.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: softengine
I don't use UPS anymore. They lost a package of mine several years ago and I was never reimbursed a nickle for it. Red tape was the reason I didn't pursue the matter.
30 posted on 06/08/2005 3:05:35 PM PDT by chainsaw
[ Post Reply | Private Reply | To 1 | View Replies]

To: FreedomAvatar

Commercial software is very conservative. That is, prehistoric. Same in the medical industry. ASCII screens, still. It must have something to do with the nature of the customer.


31 posted on 06/08/2005 3:09:35 PM PDT by RightWhale
[ Post Reply | Private Reply | To 10 | View Replies]

To: BigSkyFreeper

I suppose your correct. That is one way to keep him/her from the problem again.

It is stupid for not having a backup especially when it's being sent out of house.


32 posted on 06/08/2005 3:09:58 PM PDT by chainsaw
[ Post Reply | Private Reply | To 7 | View Replies]

To: dirtboy

"If you knew some of the stuff that I have seen about the data that banks have sent through UPS without encryption or security safeguards or even checking out where they are sending it, you'd drop a cinder block."

Yeah, it will take all 4 million customers getting whacked for $2 billion dollars before the banks wake up. My private bank sent me a new credit card after they reported all 35,000 customers had their data stolen. This happened 3 months ago.


33 posted on 06/08/2005 3:10:58 PM PDT by quantfive
[ Post Reply | Private Reply | To 4 | View Replies]

To: softengine
"The company admitted that it doesn't use encryption..."

The encryption is the fact that you have to have exactly the right tape drives and mainframe computer to even read these tapes. You don't just shove 1" reel to reel tape into your A:\ drive.

34 posted on 06/08/2005 3:11:14 PM PDT by Yo-Yo
[ Post Reply | Private Reply | To 1 | View Replies]

To: softengine

/bin/rm -r /usr/citibank/mycard


35 posted on 06/08/2005 3:14:44 PM PDT by SoDak (I'm just having one of those life's)
[ Post Reply | Private Reply | To 1 | View Replies]

To: umgud
I figure the only reason we don't have more ID theft is because we don't have enough talented crooks.

The silver lining to our pathetic education system.
36 posted on 06/08/2005 3:20:44 PM PDT by UnbelievingScumOnTheOtherSide (Give Them Liberty Or Give Them Death! - Islam Delenda Est! - Rumble thee forth...)
[ Post Reply | Private Reply | To 25 | View Replies]

To: softengine

Is there any reason why CitiBank shouldn't be the subject of some very serious litigation in this matter? How dare they just blow it off by giving out a phone number to call?! It may be time to put to the fire the feet of one of the country's greatest userers!


37 posted on 06/08/2005 3:26:31 PM PDT by Continental Soldier
[ Post Reply | Private Reply | To 1 | View Replies]

To: softengine

If it wasn't for Sarbanes Oxly they would have never said anything about this. This is a huge compliance issue.


38 posted on 06/08/2005 3:34:06 PM PDT by todd1
[ Post Reply | Private Reply | To 1 | View Replies]

To: BigSkyFreeper

They should have had IRON mountain pick up the tapes. But I am sure they were going on the cheap.


39 posted on 06/08/2005 3:34:45 PM PDT by todd1
[ Post Reply | Private Reply | To 5 | View Replies]

To: softengine

The lawsuits would have to show financial damage to clients because the bank was negligent in using a plain-text tape and sending it via UPS. UPS has a liability too just for losing the tape. Considering the posible number of clients and the possible extent of financial damage, the bank's and UPS' liability could be ruinous to both.....billions IMHO.


40 posted on 06/08/2005 4:30:56 PM PDT by NetValue (Islam cannot progress until it separates their states from their religion.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: softengine

Oh good lord. At least BofA in CA had a critical fire in their "tech center" not long after the eruption of BCCI... Sheez. "Can't find the tape". I see.


41 posted on 06/08/2005 5:00:55 PM PDT by Alia
[ Post Reply | Private Reply | To 1 | View Replies]

To: Ghost of Philip Marlowe; chainsaw

Tell me about it.

UPS delivered a package to me that had been misaddressed. Guy I bought some stuff from on eBay put a label with my name on it by mistake.

I called UPS six times trying to get someone to take it back, and finally had to ship it to the guy on my own dime. By USPS.

I know that the mistake was his, but you think they would want his business enough to at least return it to him (and charge him again to ship it to the right person).

I hate UPS.


42 posted on 06/08/2005 5:19:16 PM PDT by highball
[ Post Reply | Private Reply | To 29 | View Replies]

To: highball

And if you buy something (like a restored vintage tube radio made of Bakelite) and it is destroyed during shipment, you can forget about trying to get a single dime from UPS even if you have insurance. They make it impossible.


43 posted on 06/08/2005 5:26:11 PM PDT by Ghost of Philip Marlowe (Liberals are blind. They are the dupes of Leftists who know exactly what they're doing.)
[ Post Reply | Private Reply | To 42 | View Replies]

To: Ghost of Philip Marlowe

You know that UPS stinks when the USPS looks great in comparison.

Compared to UPS, the Postal Service has excellent customer service and actually cares about my package.


44 posted on 06/08/2005 5:35:12 PM PDT by highball
[ Post Reply | Private Reply | To 43 | View Replies]

To: highball

I've never had a single problem with USPS Priority.

And I'm talking in the many hundreds.


45 posted on 06/08/2005 5:39:20 PM PDT by Ghost of Philip Marlowe (Liberals are blind. They are the dupes of Leftists who know exactly what they're doing.)
[ Post Reply | Private Reply | To 44 | View Replies]

To: todd1
They should have had IRON mountain pick up the tapes. But I am sure they were going on the cheap.

There is absolutely no reason why they couldn't do the job themselves. In this day and age of bulletproof high speed networks. For a bank that has to "go on the cheap", says alot about Citibank.

46 posted on 06/08/2005 5:43:43 PM PDT by BigSkyFreeper (Whop-bobaloobop a WHOP BAM BOOM!!)
[ Post Reply | Private Reply | To 39 | View Replies]

To: Ghost of Philip Marlowe
I've never had a single problem with USPS Priority.

I agree. I don't use UPS anymore, USPS priority Mail is great.

47 posted on 06/08/2005 5:44:55 PM PDT by Inyo-Mono (Life is like a cow pasture, it's hard to get through without stepping in some mess.)
[ Post Reply | Private Reply | To 45 | View Replies]

To: softengine
Welcome to United Package Smashers!

No, Seriously!

8^)

48 posted on 06/08/2005 6:20:13 PM PDT by hadit2here ("Most men would rather die than think. Many do." - Bertrand Russell)
[ Post Reply | Private Reply | To 1 | View Replies]

To: highball
Me too. Just trying to recall if they have my email address. I guess I will find out soon enough.

Folks check those credit card bills.

49 posted on 06/08/2005 6:24:04 PM PDT by mware ("God is dead" -- Nietzsche........ "Nope, you are"-- GOD)
[ Post Reply | Private Reply | To 12 | View Replies]

To: softengine

until they start having to payoff on class action lawsuits from people who have suffered identify theft, they could care less.


50 posted on 06/08/2005 6:28:42 PM PDT by oceanview
[ Post Reply | Private Reply | To 1 | View Replies]


Navigation: use the links below to view more comments.
first 1-5051-60 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson