One more "mistake"

[seeker]

Notice that it says CITIGROUP,WAHCOVIA and BANK OF AMERICA have ALL 'lost' customer info -- interesting about the W and BoA -- stolen by employees and sold to debt collectors???? And they wonder why we DEMAND verified, certified, validation????? GEt rid of those nasty pieces of plastic evil -- they are an invitation to BB to have their way!

Seeker



News
06/07/2005 09:13:59 EST Related Quotes

C 47.95 0.26
TWX 17.10 0.08
WB 50.99 0.34
BAC 46.12 0.22


Citigroup Data of 3.9M Customers Is Lost



NEW YORK - CitiFinancial, the consumer finance division of Citigroup Inc., announced Monday that it has begun notifying some 3.9 million U.S. customers that computer tapes containing information about their accounts have been lost.
Citigroup, which is based in New York, said the tapes were lost by a courier in transit to a credit bureau.

The bank said the tapes contained information about both active and closed accounts at CitiFinancial's branch network. It said they did not contain information from CitiFinancial Auto, CitiFinancial Mortgage or any other Citigroup business.

The statement said that CitiFinancial "had no reason to believe that this information has been used inappropriately, nor has it received any reports of unauthorized activity."

It was the latest in a series of data losses or breaches that have forced financial institutions and other data collectors to warn customers that their personal information may be at risk.

Last month, media and entertainment company Time Warner Inc. said that computer backup tapes containing data on 600,000 individuals were lost by an outside data storage firm.

The data were on current and former employees going back to 1986, as well as some of their dependents and beneficiaries, the company said. It did not include personal data on Time Warner customers, the company said.

Also in May, more than 100,000 customers of Wachovia Corp. and Bank of America Corp., both headquartered in Charlotte, N.C., were notified that their financial records may have been stolen by bank employees and sold to collection agencies.

In all, nearly 700,000 customers of four banks may be affected, according to police in Hackensack, N.J., where the investigation was centered.

CitiFinancial issued an apology for the latest data loss.

"We deeply regret this incident, which occurred in spite of the enhanced security procedures we require of our couriers," said Kevin Kessinger, executive vice president of Citigroup's Global Consumer Group and president of Consumer Finance North America. "There is little risk of the accounts being compromised because customers have already received their loans, and no additional credit may be obtained from CitiFinancial without prior approval of our customers."

Kessinger said that beginning in July, the data "will be sent electronically in encrypted form."

Citigroup shares fell 11 cents to $47.45 in midday trading on the New York Stock Exchange.

___

On the Net:

http://www.citifinancial.com

[charlesa6]

You right on the money seeker. They open the door for identity theft.

[test]

I guess this is the way they are using to "convince" the people of how a great idea it will be to have the new and improved "contactless chipped" homeland security national ID with DNA information and all that.

People will claim "but the government has to do something about it to protect us from identity theft" and it will be again the old story of giving up a little freedom in exchange for a little security.

Oh wait ...

Really, I think they are doing this on purpose to "pre-program" the people to calim the national ID, it seems to be too much of a coincidence for me.

[seeker]

Straight thinkin' test. EVERYTHING that the media hypes (leaks) is geared toward dumbing down the sheeple and setting up the 'circumstances" for them to be 'saved' by the government on the white horses. Too bad the sheeple don't see that those horses are trampling them just as easily when the 'rescuers' ride in. Oh well, a few casualties, right? Just a FEW innocent people....Just a FEW victims ... Just a few deaths... you get the picture

And don't even get me started on "WAR" going on right now, I still see absolutely NO reason why our young men and women are being sacrificed to the almight "GW Wealth Retirement Plan" GET THEM OUT OF THERE! Our presence, in their euphemistic phraseology, is unnecessary and unwanted.
But how else can they justify the Patriot Act, and the Military Rule and the Martial Law, and all the rest of the garbage being shoved down the throats of unsuspecting americans?

Okay, get off that topic@!

Seeker

[seeker]

FOR IMMEDIATE RELEASE: April 12, 2005

SCHUMER INTRODUCES COMPREHENSIVE ID THEFT BILL TODAY; IDENTITY THEFT AT LEXIS NEXIS 10X’S LARGER THAN EXPECTED

Recent Examples of Egregious Loopholes That Are Compromising Personal Information Need Immediate and Thorough Action by Congress

Schumer-Nelson Bill Would Empower FTC, Inform Consumer to Prevent ID Theft in Future, Not Just Punish Wrongdoers after the Fact

On the heels of numerous and significant identity theft breaches, U.S. Senators Charles E. Schumer (D-NY) and Bill Nelson (D-FL) are introducing major and comprehensive legislation today to prevent ID theft, to give broader authority to the Federal Trade Commission, and require more disclosure. The Schumer-Nelson ID Theft Prevention bill is the first and most comprehensive effort to really prevent ID theft, not just punish those who commit ID theft. Sen. Schumer is a member of almost all the committees that would have jurisdiction over this bill including the Finance, Judiciary, and Banking Committees, and Sen. Nelson is a member of the Commerce Committee, which also has jurisdiction.

Schumer said, “What bank robbery was to the Depression Age, identity theft is to the Information Age. Identity theft has become so pervasive and so out-of-hand, that we must make a real effort to prevent it before it happens. When a company like Lexis-Nexis so badly underestimates its own ID theft breaches, it is clear that things are totally out of hand.”

According to Lexis-Nexis today, they found a 300,000 person sensitive personal information breach, not a 30,000 person breach, which was originally reported last month.

“This bill not only will help stop the erosion of privacy,” said Nelson, a longtime champion of consumer privacy. “But it also will cut through the red tape identity theft victims now face when they try to restore their credit.”

Schumer continued, “Everyone knows that once your identity has been stolen, you can’t get it back. That is why our comprehensive measure focuses on making sure that your personal information isn’t surfing the Internet without your permission and that companies handling your Social Security number and other sensitive information should come under the watchful eye of the Federal Trade Commission immediately.”

Schumer Nelson ID Theft Prevention Bill will:

Create FTC Office of Identity Theft to help the millions of victims of ID theft each year to get their identity back through an easily accessible website, toll free phone number and consumer-service teams, and authorizes $60 million a year, for five years for this office.

Regulate data merchants (akin to regulation of credit bureaus) by:
- Make them register with the FTC;
- Institute safeguards to prevent fraudulent access by unauthorized parties;
- Develop authentication process for their customers with individualized passwords;
- Users allowed these passwords are people who have passed a reasonably effective background check;
- Data Merchant should track who accessed what records and for what lawful purpose they were accessed;
- Allow consumers, like with their credit reports, to obtain reports showing which data-merchants have their information and mandates a correction process to fix errors;
- Demands accuracy standards for their information;
- Regulates Credit Bureaus only if, and as far as, they sell credit header information currently unregulated by the Fair Credit Reporting Act and its amendments.

Disclosure Box:
Any company that is collecting your sensitive personal information and plans to sell or transfer your information to an unaffiliated third party, must put a “Disclosure Box” on it, which lets the consumer know in PLAIN ENGLISH that “this information may be sold or given to an unaffiliated third party without your additional consent.”

Notification provisions in the case of an information breach are very similar to current California law (the law that forced ChoicePoint to notify consumers). But there is a new provision, allowing any consumer who is notified of a breach of their information to request, in writing, that their information be completely expunged from the company’s database.

Every company required to take “Reasonable Steps” to protect sensitive personal information they are storing.

Social Security Number Specific Provisions:
- Prohibits any company from asking for a Social Security number unless they actually need it in the normal course of business;
- Prohibits SSN’s displayed on employee IDs and prohibits inmates in prison from having any access to them as part of their prison jobs;
- Bans SSN purchase and sale, except for law enforcement, national security and fraud purposes;
- Grants U.S. Attorney General the ability to further define the exemptions as situations arise and exempt more if needed.

Would also require the FTC to:
- Study national, state and local governments’ public postings of Social Security numbers, come up with recommendations and forward them on to the relevant national, state and local governments;
- Require a thorough annual report each year on ID theft;
- For each section there’s a maximum penalty, usually $1,000 per individual record per violation, which can be administered by the FTC or Attorneys General.
- Study international identity theft and determine ways to combat it;
- Create a blue-ribbon working group representing both industry and consumer groups to find the best ways for private entities to protect consumer data;

Stop public postings of private financial account numbers (i.e. mutual fund companies posting shareholder information on Internet).

Preempts state law to the extent that it is inconsistent with the provisions of this bill and then only to the extent of the inconsistency. If the statute offers greater consumer protections than this bill, it shall not be preempted by this bill.

Create an Assistant Secretary for Cyber Security in the Department of Homeland Security, which is what an earlier Schumer amendment to the 9-11 bill and a bi-partisan house bill in the 108th would have done.

[wirlwind]

Since we got a judgement against us about a month ago, we have not had any checking account, or debit cards, and I never thought I could live w/o the convenience. But it hasn't been bad at all, and I find that I am much more responsible using cash than writing checks or using plastic. My money is lasting better, and my paycheck isn't gone the minute that I get it. Any thing connected with a bank is the devil's tool. The biggest problem that we have had is getting checks cashed. I tried to open an account just to get checks cashed, and they said that they wouldn't be able to give me the money then that they would have to hold the check for 10 business days, and if I tried to cash future checks that if the amount wasn't in there of the check, they would have to hold the check. I hate the way they tell you what they will do with your money! I live in an area where we have a lot of hispanics, and many of them are illegal and so some of the grocery stores will cash checks, and there is also a truck that comes to the plant where I work that will cash them for a fee. Before I had direct deposit, so I never worried about having to cash them. But it seemed like I never had money either. I was always trying to play beat the bank. Hmmm.....

[seeker]

They sure are setting the public up to take a fall and they don't even know it!


News
06/17/2005 22:14:54 EST

Security Breach Could Expose 40M to Fraud
By JOE BEL BRUNO
Associated Press Writer

NEW YORK - The names, banks and account numbers of up to 40 million credit card holders may have been accessed by an unauthorized user, MasterCard International Inc. said Friday.
The credit card giant said the security breach involves a computer virus that captured customer data for the purpose of fraud and may have affected holders of all brands of credit cards.

It said the breach was traced to Atlanta-based CardSystems Solutions Inc., which processes credit card and other payments for banks and merchants.

The compromised data did not include addresses or Social Security numbers, said MasterCard spokeswoman Sharon Gamsin. The data that may have been viewed - names, banks and account numbers - could be used to steal funds but not identities.

Gamsin said she did not know how a virus-like computer script that captured customer data got into CardSystems' network, which MasterCard said was infiltrated by an unauthorized individual. Neither company would elaborate.

The FBI was investigating.

The incident was the latest in a series of security breaches affecting valuable consumer data at major financial institutions and data brokers in an increasingly database-driven world.

The breach appears to be the largest yet involving financial data, said David Sobel, general counsel at the Electronic Privacy Information Center.

"The steady stream of these disclosures shows the pressing need for regulation of the industry both in terms of limitation in the amount of personal information that companies collect and also liability when these kinds of disclosures occur," Sobel said.

A flurry of disclosures of breaches affecting high-profile companies including Citigroup Inc., Bank of America Corp. and DSW Shoe Warehouse has prompted federal lawmakers to draw up legislation designed to better protect consumer privacy.

MasterCard, which said about 14 million of its own cards were exposed, first announced the breach in a news release Friday afternoon, saying it was notifying its card-issuing banks of the problem.

However, CardSystems said late Friday in a statement vetted by the FBI that it first learned of a potential breach on May 22. It said it was told by the FBI not to release any information to the public. The company said it was surprised by MasterCard's decision to go public.

"We were absolutely blindsided by a press release by the association," CardSystems' chief financial officer, Michael A. Brady, told The Associated Press when reached on his cell phone. He refused to answer any questions and referred calls to the company's chief executive, John M. Perry, and its senior vice president of marketing, Bill N. Reeves.

Reeves said the information the company gathered initially was "on a need-to-know basis." He said he could not comment beyond a company statement, which did not give any details about the breach but noted that CardSystems is implementing increased security measures.

"I understand and fully appreciate the seriousness of the situation," Reeves said.

Under federal law, credit card holders are liable for no more than $50 of unauthorized charges, and many card issuers including MasterCard will even waive the $50.

CardSystems processes less than 0.5 percent of American Express' domestic transactions, said company spokeswoman Judy Tenzer. She said a small number of its cardholders were affected, though she did not have an exact figure.

Discover Financial Services Inc. said it was aware of the situation and would not say whether any of its cards were involved. Visa USA and a large issuer of cards, MBNA Corp., did not immediately calls seeking comment.

CardSystems, which has a processing center in Tucson, Ariz., has been in business for more than 15 years and handles transactions for more than 115,000 small to mid-sized businesses, according to the company's Web site. The company says it processes transactions worth more than $15 billion annually.

Sobel said the fact that the latest breach involved a third party "indicates that this is a shadowy industry where the consumer never really knows who is going to be handling and using their personal information."

Earlier this month, Citigroup said UPS lost computer tapes with sensitive information from 3.9 million customers of CitiFinancial, a unit that provides personal and home loans.

There have also been breaches involving other kinds of sensitive data.

ChoicePoint Inc. said in February that thieves using stolen identities had created 50 dummy businesses that pulled data including names, addresses and Social Security numbers on as many as 145,000 people.

In March, LexisNexis Inc. disclosed that hackers had commandeered a database and gained access to the personal files of as many as 32,000 people.

The company has since increased its estimate of the people affected to 310,000. Information accessed included names, addresses and Social Security and driver's license numbers, but not credit history, medical records or financial information, corporate parent Reed Elsevier Group PLC said in a statement.