UPS Loses Financial Records, But Has a Bigger Problem

The United Parcel Service invests more than $1 billion a year in technology—smart labels, wireless handheld computers for drivers and efficient delivery plans—to help its customers ship packages. But it can’t eliminate human error.

All that technology couldn’t prevent the company from losing a box of computer tapes containing names, Social Security numbers, account numbers and payment histories of 3.9 million customers of CitiFinancial, the consumer finance unit of Citigroup.

The loss on May 2 was due to human error, UPS says. The error: not using technology. A driver failed to scan the box—destined for the Texas branch of the credit bureau Experian—when he picked it up from a Citigroup facility in New Jersey. Experian gets updates from Citigroup on customers’ credit histories once a month.

Normally, when UPS picks up a box, it is scanned at several points—sorting facilities, trucks, airports, planes—en route to its destination. This enables the shipper, the recipient and the parcel service to track the whereabouts of any package. But the driver’s error rendered all of those electronic tracking mechanisms useless. The only information available on this particular box, one of several Citigroup shipped that day, was what Citigroup entered into UPS’ system for the pickup.

“We can’t tell if it made it out of the building,” says Donna Barrett, UPS’ technology public relations manager.

It’s impossible to tell whether this is an isolated incident. UPS doesn’t disclose the number of boxes out of its 14.1 million daily packages that never reach their destinations. But this is not the first large loss of customer records this year. Time Warner in May said archiver Iron Mountain lost track of a cooler-sized container that held records of 600,000 current and former employees. Bank of America lost backup tapes with 1.2 million federal-employee records.

Exact details of what went wrong in the Citigroup case are unclear.

One issue may be the rules Citigroup set up in its UPS WorldShip software to receive “exception notices,” or messages signaling that a box didn’t get to its destination. Citigroup had gotten exception notices before, but unless it specified a rule—say, that an e-mail should be sent if a box doesn’t arrive at its destination within six days—the company wouldn’t necessarily have received one in this case. Regardless, Citigroup didn’t get an exception notice and the bank assumed all was well with the shipment.

Instead, the loss of the box was discovered by Experian during a routine audit nearly three weeks after CitiFinancial shipped the tapes.

According to Citigroup security procedures, the entire pickup would have been videotaped. The boxes would be put in a special, locked part of the truck. The driver, says one party familiar with the investigation, did scan the bar code on a summary sheet of the boxes, but not codes on individual boxes. The truck may have left with all the packages. The other boxes reached Experian.

Experian informed Citigroup that the one box hadn’t arrived, according to Donald Girard, Experian’s vice president of public affairs. Citigroup then informed UPS, Barrett says.

A logistics consultant familiar with package delivery operations says it’s not unusual for packages to be entered into UPS’ system but not shipped. Sometimes the shipper changes the order without voiding the previous one. “UPS is not going to call you and say you manifested 17 packages and we only got 16,” the consultant says. “If they did that, they would only call customers all day.”
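The exception-notice rule and the "manifested 17, got 16" gap described above come down to reconciling what the shipper manifested against what the carrier actually scanned. The sketch below is an added example, not code from the article, UPS or Citigroup; it flags a manifested box that has no per-box scan, and a scanned box with no delivery inside a deadline. The package IDs, event names, dates and the 12-hour scan grace period are constructed assumptions; the six-day deadline mirrors the rule the article uses as an illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data: package IDs, event names and times are invented.
PICKUP = datetime(2024, 1, 2, 16, 0)
MANIFEST = {"BOX-001": PICKUP, "BOX-002": PICKUP, "BOX-003": PICKUP}
SCANS = [  # (package_id, event, time) as a carrier tracking feed might report
    ("BOX-001", "PICKUP", PICKUP),
    ("BOX-001", "HUB", PICKUP + timedelta(hours=9)),
    ("BOX-001", "DELIVERED", PICKUP + timedelta(days=2)),
    ("BOX-002", "PICKUP", PICKUP),
    ("BOX-002", "HUB", PICKUP + timedelta(hours=9)),
    # BOX-003: on the manifest, but no per-box scan was ever recorded
]


def reconcile(manifest, scans, now,
              scan_grace=timedelta(hours=12), deadline=timedelta(days=6)):
    """Return {package_id: reason} for every manifested box needing follow-up.

    NO_SCAN: manifested, but the carrier has no scan for it after scan_grace.
    LATE:    scanned, but no DELIVERED event within deadline of pickup.
    """
    events = defaultdict(list)
    for package_id, event, when in scans:
        if when <= now:  # ignore events that have not happened yet
            events[package_id].append(event)

    exceptions = {}
    for package_id, picked_up in manifest.items():
        seen = events.get(package_id, [])
        age = now - picked_up
        if not seen:
            if age > scan_grace:
                exceptions[package_id] = "NO_SCAN"
        elif "DELIVERED" not in seen and age > deadline:
            exceptions[package_id] = "LATE"
    return exceptions


if __name__ == "__main__":
    for day in (1, 7):
        print(day, reconcile(MANIFEST, SCANS, PICKUP + timedelta(days=day)))
```

Run from the shipper's side, a check like this reports the unscanned box the day after pickup, independent of any notice rule configured with the carrier and of the recipient's audit.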

Citigroup sent letters to affected customers on June 6, in accordance with a California law requiring companies to notify state residents if their personal data has been breached. The letter said Citigroup “deeply regrets” the incident occurred and noted it will begin sending information to credit bureaus electronically and encrypting it in July.

At presstime, UPS was still working with Citigroup to find out what happened to the box. Barrett says the parcel service’s senior managers are reviewing the incident and will recommend changes if needed.

The conclusion so far? No changes are needed. As Barrett puts it: “Someone can make a mistake.”