SAN FRANCISCO -- Citigroup is advising some customers to take steps to protect their identity following the disappearance of a package containing credit information on 3.9 million of the company's CitiFinancial Branch Network Customers.
The data, which contains customer names, Social Security numbers, and payment history information, was stored on computer tapes being sent via United Parcel Service to a credit bureau, Citigroup said in a statement released today. Citibank is now mailing a letter to affected customers, advising them of the situation and offering a number of tips on how they can prevent identity theft.
One such tip: "Do not send sensitive information unless it is encrypted on a secure Web site."
Closing the Barn Door
The New York-based Citibank appears to be taking that piece of advice to heart. Beginning next month, it will begin sending credit bureau data "electronically in encrypted form," the company said in a statement.
In addition to data on U.S. CitiFinancial Branch Network customers, the tapes contain information on closed CitiFinancial Retail Services accounts. Citibank has no reason to believe that any of its missing data have been used inappropriately, the statement said.
Because of the sensitivity of the missing information, Citigroup and UPS have informed "a number of law enforcement agencies and regulatory authorities," said Norman Black, a UPS spokesman.
Black referred questions abut the specifics of the missing package to Citigroup, which did not return call seeking comment.
UPS is still trying to understand how the package went missing, Black said. "We're delivering on average 14.1 million packages every day, and the technology that we have today is such that it is very unusual for us to find ourselves in a situation where we literally can't find a package," he said. "We have to determine... what did go wrong so we can fix it."
This marks the second time in recent months that tapes containing large quantities of personal information has gone missing in transit. In March, Time Warner blamed data storage company Iron Mountain for the disappearance of a shipment containing details on about 600,000 current and former employees.