United Parcel Service (UPS) is officially denying that computer tapes of Citigroup banking records were ever e-hijacked as was claimed by a speaker during a security seminar Nov. 3 in Washington D.C.
“It’s not true that those tapes were stolen; what happen is that the packages broke open in transit and the contents were inadvertently thrown away,” Susan Rosenberg, a UPS spokeswoman, told FleetOwner yesterday. “In this particular instance, the allegations that they were stolen are just plain wrong.”
At the seminar hosted by law firm Patton Boggs LLP, Stephen Spoonamore, CEO of data security consulting firm Cybrinth, pointed to the loss of Citigroup’s tapes as an example of electronic hijacking, whereby electronic manifests are reset in transit to alter shipment security requirements, thus allowing them to be stolen.
“We’re not going to detail our security procedures, but suffice to say we’ve got a lot built into our system,” said UPS’s Rosenberg. “There are reasons we know the packages broke open and were discarded that I won’t go into. What I can tell you is that we worked very closely with Citigroup to resolve this and they were very satisfied with the results of our investigation into this matter.”
Citigroup noted that the tapes, which contained information on 3.9 million CitiFinancial Branch Network customers, got lost while in transit to a credit bureau back in June. The tapes contained information on the customers in the U.S., as well as customers with closed accounts from CitiFinancial Retail Services.
Kevin Kessinger, executive vp of Citigroup’s Global Consumer Group and president of Consumer Finance North America, said the banking giant had no reason to believe that the information was used inappropriately, nor has it received any reports of unauthorized activity. Also, back in July, he added, Citigroup began sending that financial data electronically in encrypted form.
“We deeply regret this incident, which occurred in spite of the enhanced security procedures we require of our couriers,” Kessinger said. “But there is little risk of the accounts being compromised because customers have already received their loans, and no additional credit may be obtained from CitiFinancial without prior approval of our customers, either by initiating a new application or by providing positive proof of identification.”
“Customer security is of paramount importance to Citigroup,” said Debby Hopkins, chief operations and technology officer for Citigroup. “While this incident affects the customers of only one of our businesses, we put significant effort into assuring that our data protection procedures meet and exceed industry standards at all of our businesses, and are reviewing the issues here as part of this ongoing effort.”