Saturday, September 22, 2007

Citigroup Data Leaked on Limewire; Will There Be Jail Time?

eWeek is reporting that a Citigroup employee running p2p software Limewire has potentially been used to find over 5,000 customer records including Social Security Numbers, names, credit information and mortgage types. eWeek notes:

Tiversa found over 10,000 files, deduplication revealed only 5,208 unique Social Security numbers, along with names and what type of mortgage each customer had: conventional, 30-year or conforming, for example.

The information is likely to have been exposed to millions of LimeWire users, given that there are at least 10 million nodes online in a P2P file-sharing network at any point in time, said Chris Gormley, Tiversa's chief operating officer.

If this information is proven to be accurate, should the employee or the Citigroup execs face jail time? The monetary fines are obviously not working, would a stint in jail start to wake up companies that our data is the most important piece to their ability to generate revenue.

I raised my concerns earlier this week with Mint and their "bank-level" security. What I would like to see from them (and the other apps in this sector) is their plan for when data is breached. How will they handle the breach in both communications to customers and in monetization to those who were affected.

And while many wrote about Facebook blocking in corporations, one of the issues no one (including me) seemed to touch on is security. How far are we from a malicious Facebook app?