Citigroup's Backup Bust

A number of high-profile cases about large corporate entities losing or exposing customer data and private information have come out, but perhaps none are as big and bizarre as Citigroup's flap.

Earlier this month, the nation's biggest financial-services company announced it had lost personal information records for 3.9 million customers of its CitiFinancial subsidiary. According to various news reports, that's the largest breach of customer privacy to date. While the number of customers affected by the blunder is staggering, the circumstances are even more shocking: Citigroup says UPS lost the customer files, which were on storage tapes, in transit during a delivery to a credit bureau. Thus, the social-security numbers and account information of nearly 4 million people are no longer secure.

So, what happened? Did the tapes fall out of the back of a UPS van? At press time, UPS had not made an official comment. While Citigroup issued a statement saying it did not believe the tapes had fallen into the wrong hands, the company pledged to add measures to protect consumers' personal information.

"We deeply regret this incident, which occurred in spite of the enhanced security procedures we require of our couriers," said Kevin Kessinger, executive vice president of Citigroup's Global Consumer Group and president of Consumer Finance North America, in a statement. "Beginning in July, this data will be sent electronically in encrypted form."

What can brown do for you? For Citigroup, not much other than landing it in hot water. --Rob Wright