Citigroup Customer Data Leaked on LimeWire

Citgroup has confirmed that it's investigating a data breach involving the names, Social Security numbers and credit information of 5,208 customers inadvertently leaked by an employee of its ABN Amro Mortgage Group unit onto the LimeWire peer-to-peer file-sharing network. Ad Tiversa, a company that monitors P2P networks on behalf of clients, told eWEEK that it found Excel spreadsheets from the desktop of a financial analyst ABN Amro Mortgage Group running LimeWire. Although Tiversa found over 10,000 files, deduplication revealed only 5,208 unique Social Security numbers, along with names and what type of mortgage each customer had: conventional, 30-year or conforming, for example.

The information is likely to have been exposed to millions of LimeWire users, given that there are at least 10 million nodes online in a P2P file-sharing network at any point in time, said Chris Gormley, Tiversa's chief operating officer. "As an identity thief, [that gives you] the keys to [those individuals'] digital life," Gormley said. According to a Dow Jones Newswire report, the ABN employee responsible for posting the data signed up last year to use a LimeWire-like P2P service and inadvertently exposed not only the spreadsheet but also personal documents, including her resume and a Travelocity confirmation of a family trip. The woman told the news service that she was laid off this summer and wasn't aware of the breach before Dow Jones contacted her on Sept. 20.

View: Full Story on eWeek

Report a problem with article
Previous Story

PC Tools ThreatFire 3.0.8.0

Next Story

Inventors Protest US Patent Bill

7 Comments

Commenting is disabled on this article.

Maybe they should be putting thin-clients in these offices, or even completely dumb terminals. Would be easier to lock down.

How the hell can it be done "inadvertantly"?... it takes effort and more than one action to put something up for sharing... this was done on purpose!

The company should be made ultimately responsible, maybe then they will take security over customer details seriously.

This is where you may be wrong. When I use to use p2p clients, it would automatically share My Documents and all of it's sub-directories under the default installation. The majority of the users, I'm sure, are not that savvy to specify what directories go under their share.

omfgAaron said,
This is where you may be wrong. When I use to use p2p clients, it would automatically share My Documents and all of it's sub-directories under the default installation. The majority of the users, I'm sure, are not that savvy to specify what directories go under their share.

Maybe he shouldn't be using this **** in a BANK.

Yet another idiot user using P2P software at work. Is this why the IT department bans its use and HR policy makes it the basis for instant dismissal in companies that are dealing with sensitive data? Nice to know that information wants to be free, setting it free can seriously disrupt your employment and employability. If you are going to be installing such stuff at work, you'd better be smarter than the average power user, otherwise you'll be on the receiving end for a data leak inquiry.

Hum... Some employee downloading stuff on Limewire? I smell a pink slip and a RIAA lawsuit...

"Do what you want cus a pirate is free..."

It's not THE LimeWire network. It's the Gnutella network, made by the original guys from Nullsoft.
It's an open network, with much more clients on it like Shareaza , Phex and others... (Google them, if you wish so)