It's beginning to get a little too routine. Nearly every week, some well-known, highly respected financial institution a) loses, b) misplaces, or c) has in its possession stolen confidential consumer financial data.
Most recently it was CitiFinancial's turn in the penalty box. The consumer finance division of Citigroup is in the process of sending out notices to some 3.9 million US customers that computer tapes containing information about their accounts -- including Social Security numbers and payment histories -- have been lost.
This, I suspect, will not put these 3.9 million customers in their "happy place".
The tapes were lost during a routine shipment from a datacentre in New Jersey to a credit reporting bureau in Texas. Isn't just about everything that's between New Jersey and Texas lost by definition? If the tapes are sitting out in the scorching Texas summer sun somewhere, have no fear about them being used for anything more nefarious than tarring a roof.
In a statement, CitiFinancial said it "had no reason to believe that this information has been used inappropriately, nor has it received any reports of unauthorized activity". Haven't we heard this somewhere before?
CitiFinancial joins a list of distinguished Fortune 500 companies -- including TimeWarner, Bank of America, and Ameritrade -- that have compromised the confidential information of their customers and employees.
There is one difference between what happened at CitiFinancial and the other recent data losses in transit. Unlike other companies, Citibank made it clear in its statement that the company had plans to begin encrypting their credit bureau information. Wow, if you can teach dogs to sit, maybe companies can learn security, too!
Citigroup, CitiFinancial's parent corporation, began a company-wide effort last year to eliminate the physical shipment of data tapes after losing a batch of tapes in Singapore (OK, so it takes a couple of times to get it right).
Bob Cramer, president and CEO of LiveVault, a disk-based online backup and recovery provider, is adamant about the need for encryption. "Companies need to stop risking the security of their data and fix the problem, especially since technology exists that eliminates the risk of backing up data to tape," he said.
But if I were an IT manager for a publicly traded company, I would start my security plan with what to do in the case of lost customer data, because it almost looks more like it's not a question of if it will happen, but when.