A former employee of Citi's ABN Amro Mortgage group in the US leaked the personal information of more than 5,000 customers via a peer-to-peer (p2p) file-sharing network. The former employee reportedly compromised three spreadsheets containing more than 5,000 government-issued numbers.
Data-leak prevention vendor Tiversa traced the breach back to a Florida computer with BearShare software installed, according to an Associated Press report. The data was leaked from the former employee's home computer.
Tiversa Chief Operating Officer Christopher Gormley said that his company investigated the incident after being called by a Wall Street Journal reporter, and found data — including names, Social Security numbers, amounts of loans and types of banks where loans had originated — had been leaked.
Citi spokesman Mark Rodgers referred questions today to a company statement saying that the financial services giant has taken actions to rectify the breach.
“Protecting customer information remains a priority at Citi, and we remain fully committed to physical, electronic and procedural safeguards to protect personal information,” the company said in a statement. “The customer information involved has been retrieved from the source computer. We are taking appropriate steps to identify, notify and protect the customers involved, including offering complimentary credit monitoring services.”
Gordon Rapkin, president and CEO of Protegrity, said today that he is surprised the data wasn't encrypted.
“For one, what was the data doing on a computer and why wasn't it protected? And once you get past all those types of questions, the process question here is, what did Citi do to educate their users to the dangers?” he said. “This looks like [a case of] an uneducated employee who didn't realise the risks of associating a peer-to-peer network with sensitive corporate data.”