The company has blamed the incident on software limitations

Jul 22, 2013 20:16 GMT  ·  By

The personal information of 150,000 consumers who went into bankruptcy between 2007 and 2011 – including their social security numbers – were exposed after Citi failed to properly redact court records before they were put on the Public Access to Court Electronic Records (PACER) system.

According to American Banker, Citigroup has blamed “limitations” in the piece of software responsible for redacting the documents.

“As a result of this limitation in technology, personally identifiable information could be exposed and read if electronic versions of the court records were accessed and downloaded from the courts' online docket system and if the person downloading the information had the technical knowledge and software to restore the redacted information,” the company stated.

When the incident was discovered in April 2011, Citi took immediate steps to remediate the issue. However, the US Justice Department’s US Trustee Program was unhappy with the fact that Citi failed to disclose the full extent of the breach.

In addition, the bank also failed to come up with a solution to the problem, and it did not promise to notify customers.

In a pact with US Trustee unsealed last week, Citi promised to notify all the impacted parties, offer a year of free credit monitoring, and redact the sensitive information at its own expense.