CitiFinancial, the consumer finance division of Citigroup Inc. Monday said that personal data of some 3.9 million of its customers have been lost despite enhanced security.
In a statement CitiFinancial said that it has begun mailing a letter to the customers informing about the incident and assuring them that there is no reason for it believe that the information has been used inappropriately.
"We deeply regret this incident, which occurred in spite of the enhanced security procedures we require of our couriers," said Kevin Kessinger, Executive Vice President of Citigroup's Global Consumer Group and President of Consumer Finance North America.
The company said the customers' personal information was on computer tapes that were lost by UPS while in transit to a credit bureau. The tapes contained information about CitiFinancial branch network customers in the United States as well as customers with closed accounts from CitiFinancial Retail Services.
However, it clarified that the tapes did not contain any customer information from CitiFinancial Auto, CitiFinancial Mortgage or any other Citigroup business.
"There is little risk of the accounts being compromised because customers have already received their loans, and no additional credit may be obtained from CitiFinancial without prior approval of our customers, either by initiating a new application or by providing positive proof of identification," Kessinger said. He said beginning in July, this data will
be sent electronically in encrypted form.
"We are making every effort to ensure that our customers are aware of what we are doing and what we suggest they do to protect their identity. We are committed to ensuring that our customers have the support they need to monitor their credit and know how to respond should they identify any problems," Kessinger said.
Debby Hopkins, Chief Operations and Technology Officer of Citigroup said that while the incident affects the customers of only one of the businesses of the group, it is putting significant effort into assuring that data protection procedures meet and exceed industry standards at all of our businesses. "We are reviewing the issues here as part of this ongoing effort," he said.
The letter said that at there is little risk of the customers' accounts being compromised because they have already received their loan and no additional credit may be obtained from CitiFinancial without customers' prior approval.
The situation arose during the routine shipment of computer tapes to a credit bureau. The tapes contained names, social security numbers, account numbers and payment history of CitiFinancial customers. During a recent delivery, one of these couriers lost one box of tapes.