Citigroup's Lost Tapes Cast Spotlight On Data Security - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
News

Citigroup's Lost Tapes Cast Spotlight On Data Security

Banks are considering a variety of measures to tighten the security for customer information.

This week's disclosure by Citigroup that a box of tapes containing information on 3.9 million customers was lost in transit has again pointed out the chain of vulnerabilities that banks need to strengthen to guarantee the security of customer data.

The tapes contained Social Security numbers, names, account numbers, and payment histories on customers of CitiFinancial, which provides personal, auto, and home-equity loans. The tapes also contained information on customers with closed accounts from CitiFinancial Retail Services, which provides private-label credit cards for retailers.

The tapes were picked up from a Citigroup data center by UPS Inc. on May 2, bound for a data center in Texas operated by Experian, a credit bureau. Citigroup was notified by Experian on May 20 that the box hadn't arrived; three days later it confirmed that the box was missing, whereupon it notified the Secret Service. UPS hasn't recovered the box, but says there's no indication it was stolen. The tapes were unencrypted; starting next month, the bank will begin sending the data electronically in encrypted form. The decision to do so was made prior to this week's disclosure, a spokesman says.

Banks, like all corporations handling customer data, are under intense pressure to revamp their data-protection policies. Following California's lead, eight states (Arkansas, Florida, Georgia, Indiana, Illinois, Montana, North Dakota, and Washington) as well as New York City have passed notification laws regarding information-security breaches. The patchwork of state laws is driving up compliance costs for companies, says Chris Wolf, partner and head of the privacy and data-security practice at law firm Proskauer Rose LLP. Federal laws now working their way through Congress would pre-empt many of the state laws, easing the compliance burden, he says.

Banks have set a high priority on initiatives related to data security. Banks in the United States will spend $1.6 billion on IT security this year, making up 4.1% of total IT spending, according to research firm Celent Communications. Among the top security budget items are combating insider fraud, achieving compliance, two-factor authentication, awareness and education, and anti-spyware and other tools for preventing malicious attacks.

In light of the disclosures by Citigroup and Bank of America, which reported in February that tapes containing information on 1.2 million customers were lost in transit, banks are likely to accelerate adoption of methods for better securing customer data, such as encrypting all data, tightening physical security, and installing perimeter defenses such as firewalls and intrusion-detection systems.

Still, despite the public brouhaha over customer data protection, it may take banks a while to implement all these changes. "We're looking at a redefinition of processes," says Celent analyst Jacob Jegher. "Big banks have a lot of technology and processes, which take time to change." The practice of externally shipping tapes off-site is still quite common and is unlikely to disappear, he says.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Slideshows
Top-Paying U.S. Cities for Data Scientists and Data Analysts
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/5/2019
Slideshows
10 Strategic Technology Trends for 2020
Jessica Davis, Senior Editor, Enterprise Apps,  11/1/2019
Commentary
Study Proposes 5 Primary Traits of Innovation Leaders
Joao-Pierre S. Ruth, Senior Writer,  11/8/2019
Register for InformationWeek Newsletters
Video
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll