By Sharon Gaudin
July 3, 2007
A senior level database administrator for a subsidiary of Fidelity
National Information Services is being accused of stealing and selling
sensitive information on 2.3 million consumers.
The now former employee whose name was not released allegedly took the
information and sold it to a data broker, who in turn sold the
information to several direct marketing companies, according to an
online release posted by Fidelity National, which is a financial
"As a result of this apparent theft, the consumers affected received
marketing solicitations from the companies that bought the data," said
Renz Nichols, president of Certegy Check Services, in a written
statement. "We have no reason to believe that the theft resulted in any
subsequent fraudulent activity or financial damage to the consumer, and
we are taking the necessary steps to see that any further use of the
Fidelity National noted its researchers believe that about 2.3 million
have been compromised, with approximately 2.2 million containing bank
account information and 99,000 containing credit card information.
They're still investigating when the alleged theft occurred.
The database administrator, who worked for Certegy Check Services, Inc.,
had access to the information as part of his job responsibilities but
did not have the authority to actually remove any of the information,
according to Fidelity. The administrator has been fired and Certegy
filed a civil complaint in a St. Petersburg, Fla. Court against him and
the marketing companies that bought the information. Fidelity National
reported that it is seeking the return of all the consumer information,
as well as an injunction against its use.
The company also said in the release that it is pushing authorities to
file criminal charges.
Certegy, which runs a check authorization business, maintains bank
account information to help merchants decide whether to accept checks as
payment. The company also maintains check and credit card information in
connection with its gaming operations that are designed to help casinos
provide customers with access to funds.
Fidelity National said one of Certegy's customers reported suspicious
solicitations and marketing materials. An investigation found that the
company's security systems had not been breached, so they called in the
U.S. Secret Service, which often investigates financial crimes. The
Secret Service, according to Fidelity, then traced the leak back to the
Attend Black Hat USA, July 28-August 2 in Las Vegas,
the world's premier technical event for ICT security
experts. Featuring 30 hands-on training courses and
90 Briefings presentations with lots of new content
and new tools. Network with 4,000 delegates from
70 nations. Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on
June 1 so register today. http://www.blackhat.com