And the hits just keep on coming for the banking industry. Yesterday, CitiFinancial, the consumer-finance division of banking titan Citigroup (NYSE:C), announced that it had pulled a Bank of America (NYSE:BAC): It lost data tapes containing account information on 3.9 million of its U.S. customers. Whoops.

OK, before I get Citi's investor-relations department screaming at me, Citigroup didn't actually lose the tapes itself. At the time of the actual fumble, Citigroup's courier, UPS (NYSE:UPS), was in possession of the ball.

If you think you've heard this before, well, you probably have. I've already alluded to the incident last December in which Bank of America's couriers lost tapes containing a million-plus customer records. That started the ball rolling, and since then, it's only picked up speed. We've learned that:

  • Ameritrade (NASDAQ:AMTD) and Motley Fool Stock Advisor pick Time Warner (NYSE:TWX) also suffered losses of personally identifiable data on their customers and employees, respectively, through contractors misplacing data tapes. Total loss: approximately 600,000 records.

  • Information brokers ChoicePoint (NYSE:CPS) and Reed Elsevier fell victim to different types of scams perpetrated by identity thieves to gain access to their records on U.S. consumers. Total loss: upwards of 450,000 records.

  • Retailers Retail Ventures, BJ's Wholesale Club, and Polo Ralph Lauren had their customer credit card databases ransacked. Total loss: more than 1.6 million records.

  • Employees at Wachovia (NYSE:WB) and BoA have been stealing customer data from their employers and selling it to debt-collection firms. Total loss: more than 100,000 records.

There is, however, a bright side to this generally gloomy picture. With all of the publicity this problem has been receiving lately, more firms are doing the right thing and paying for credit-monitoring services for the victims. Citigroup is anteing up for just 90 days of monitoring, whereas Ameritrade, ChoicePoint, and Reed all offered to pay for a year's credit monitoring for at least some of the victims. So even though the efforts are half-hearted at times, something is better than nothing.

What's more, companies are no longer sitting on news of security breaches as long as they used to. In the worst case, Reed's Seisint subsidiary had apparently been leaking data for years -- but it told people about it only this year. In contrast, Citigroup began informing victims of its own data fumble just two weeks after discovering it -- and only waited that long at the request of the Secret Service.

Still, while we applaud the firms' efforts to do the right thing to repair the damage, we'd much prefer to see them ensure that the thefts, losses, and mishaps don't occur in the first place.

Read more about who's stealing -- and who's misplacing -- your identity in:

Fool contributor Rich Smith owns no shares in any company mentioned in this article.