Monday, March 27, 2006

Data Accountability and Trust Act Amended

The Data Accountability and Trust Act (House Bill 4127 ) has been amended to change the trigger requiring notification in the event of a security breach from a "significant risk" of identity theft to a "reasonable risk." This makes it more likely that the bill will receive bipartisan support.

The bill only applies to data brokers, and the amended version narrows the definition of "data broker" to those entities that disclose non-customer data to non-affiliated third parties.

Tuesday, March 07, 2006

Citibank Issues a Statement

Citibank has issued the following statement:

"Recently, we became aware of fraudulent ATM cash withdrawls on Citi-branded MasterCard credit and debit cards used in the UK, Russia and Canada on customer accounts that had been possibly compromised in previous retailer breaches in the US. To protect customer accounts that were affected, we placed a special transaction block in those three countries on PIN based transactions. We are currently reissuing cards, as appropriate, to affected customers. Protecting our customers' accounts and personal information is one of our highest priorities."

Monday, March 06, 2006

Citibank ATM Problem?

There appears to be problem with Citibank's ATMs -- namely, that customers are being locked out of them. The problem, whatever it is, appears to be confined to Canada, Great Britain, and Russia, and is not in the United States. It is not possible to say at this time if it is a privacy problem or even a security breach, and it appears Citibank is working on the problem. Citibank hasn't issued a formal statement, but check Tuesday's Wall Street Journal for an article dealing with this.

Clearly, if there is a security breach, they have an obligation to contact their affected customers as soon as possible. Which would also, if it needs to be said, be a good business practice as well.