Citgroup has confirmed that it"s investigating a data breach involving the names, Social Security numbers and credit information of 5,208 customers inadvertently leaked by an employee of its ABN Amro Mortgage Group unit onto the LimeWire peer-to-peer file-sharing network. Ad Tiversa, a company that monitors P2P networks on behalf of clients, told eWEEK that it found Excel spreadsheets from the desktop of a financial analyst ABN Amro Mortgage Group running LimeWire. Although Tiversa found over 10,000 files, deduplication revealed only 5,208 unique Social Security numbers, along with names and what type of mortgage each customer had: conventional, 30-year or conforming, for example.
The information is likely to have been exposed to millions of LimeWire users, given that there are at least 10 million nodes online in a P2P file-sharing network at any point in time, said Chris Gormley, Tiversa"s chief operating officer. "As an identity thief, [that gives you] the keys to [those individuals"] digital life," Gormley said. According to a Dow Jones Newswire report, the ABN employee responsible for posting the data signed up last year to use a LimeWire-like P2P service and inadvertently exposed not only the spreadsheet but also personal documents, including her resume and a Travelocity confirmation of a family trip. The woman told the news service that she was laid off this summer and wasn"t aware of the breach before Dow Jones contacted her on Sept. 20.