Ovum on: CITIGROUP'S CUSTOMER DATA LOSS

Ovum on: CITIGROUP'S EMBARRASING CUSTOMER DATA LOSS

Citigroup said earlier this week that data tapes containing credit information on 3.9m of its customers have gone missing while in transit with UPS to a credit bureau. The data contains customer names, Social Security numbers and payment history information. Citigroup is writing to the affected customers, who are all in the US.
David Bradshaw, Principal Analyst and Practice Leader (CRM) and Graham Titterington, Principal Analyst, comment:

Comment: "Just when you thought that all the security problems that banks face came from the internet, up pops this news to show that data-security problems exist just as much in the physical world.

What next, will people start stealing money from bank branches? Seriously, it seems odd that banks don't use secure delivery services that take into account the fact that people might want to steal data. It reminds us of people who refuse to buy things from Amazon because the Internet isn't secure, but who'll happily hand over their credit card to a restaurant waiter they don't know.

Actually, the biggest security threat on the Internet is not the hacking of interactive transactions, but rather the risk that hackers will hack into merchant's customer databases, thereby harvesting thousands of customer records and credit card details in one swipe. The irony is that these databases may contain customer records for offline as well as online customers. And even merchants with no online sales may have hack-able databases, so customers who avoid shopping on the Internet are still at risk. There's no easy solution. "