Citigroup Inc., one of the world’s largest financial institutions, has been found guilty of failing to protect the personal information of nearly 150,000 consumers in 85 jurisdictions. In a nationwide settlement with the U.S. Trustee Program, Citigroup has agreed to redact proofs of claim filed in bankruptcy cases that contain sensitive consumer data.
The settlement, which was approved by the U.S. Bankruptcy Court for the Southern District of New York on March 13, 2012, requires Citigroup to notify affected consumers and offer them one year of free credit monitoring. Additionally, Citigroup must change its internal practices and procedures to prevent similar redaction errors from occurring in the future.
According to the U.S. Trustee Program, Citigroup’s subsidiaries failed to properly redact personal information, including Social Security numbers and birthdates, when filing bankruptcy proofs of claim. This led to the U.S. Trustee Program objecting to a motion filed by Citigroup, citing a lack of public notice and a verifiable solution to correct the problem.
During the verification process mandated by the settlement, Citigroup discovered an additional 50,000 improperly redacted proofs of claim. As a result, Citigroup prepared a plan of corrective action, which included the redaction of these additional filings.
Independent auditor Eric Dieterich of Sunera LLC concluded that Citigroup satisfied the requirements of the settlement and related corrective action plans. The auditor also found that Citigroup had implemented policies and procedures to prevent recurrence of the redaction error.
The U.S. Trustee Program, which is responsible for protecting the integrity of the bankruptcy system, has commended Citigroup for its cooperation and commitment to protecting consumer data. However, the incident highlights the importance of creditors and other parties to take steps to protect sensitive consumer information.
Defendant: Citigroup Inc.
Criminal Charges: Failing to protect consumer data
Location: New York
Date: 2012
Sentence: Settlement agreement
Amount: N/A
Related Federal Cases
- Citigroup Inc. Failed Living Will Review, New York NY, 2022 · Kansas
- Landsman Real Estate Services, Inc. CEO Roche, Tenant Harassment, New York 2023 · Alabama
- OrthopedicsNY, LLP Fined $500K for Patient Data Breach, New York NY… · New Hampshire
- Marine Park Distribution, Inc. and Formula Depot, Inc., Price Gouging, New York 2022 · New Hampshire
- Wojeski Company Fined for Data Breach Penalty, New York NY, 2023 · New York
Key Facts
- State: Federal
- Category: Cybercrime|White Collar Crime
- Source: DOJ Press Release â†â€â€
ðŸâ€Â’ Get the grimiest stories delivered weekly. Subscribe free →

