http://www.informationweek.com/news/showArticle.jhtml?articleID=200900234 By Sharon Gaudin InformationWeek July 3, 2007 A senior level database administrator for a subsidiary of Fidelity National Information Services is being accused of stealing and selling sensitive information on 2.3 million consumers. The now former employee whose name was not released allegedly took the information and sold it to a data broker, who in turn sold the information to several direct marketing companies, according to an online release posted by Fidelity National, which is a financial processing company. "As a result of this apparent theft, the consumers affected received marketing solicitations from the companies that bought the data," said Renz Nichols, president of Certegy Check Services, in a written statement. "We have no reason to believe that the theft resulted in any subsequent fraudulent activity or financial damage to the consumer, and we are taking the necessary steps to see that any further use of the data stops." Fidelity National noted its researchers believe that about 2.3 million have been compromised, with approximately 2.2 million containing bank account information and 99,000 containing credit card information. They're still investigating when the alleged theft occurred. The database administrator, who worked for Certegy Check Services, Inc., had access to the information as part of his job responsibilities but did not have the authority to actually remove any of the information, according to Fidelity. The administrator has been fired and Certegy filed a civil complaint in a St. Petersburg, Fla. Court against him and the marketing companies that bought the information. Fidelity National reported that it is seeking the return of all the consumer information, as well as an injunction against its use. The company also said in the release that it is pushing authorities to file criminal charges. Certegy, which runs a check authorization business, maintains bank account information to help merchants decide whether to accept checks as payment. The company also maintains check and credit card information in connection with its gaming operations that are designed to help casinos provide customers with access to funds. Fidelity National said one of Certegy's customers reported suspicious solicitations and marketing materials. An investigation found that the company's security systems had not been breached, so they called in the U.S. Secret Service, which often investigates financial crimes. The Secret Service, according to Fidelity, then traced the leak back to the database administrator. _____________________________________________________ Attend Black Hat USA, July 28-August 2 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 30 hands-on training courses and 90 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 70 nations. Visit product displays by 30 top sponsors in a relaxed setting. Rates increase on June 1 so register today. http://www.blackhat.com
This archive was generated by hypermail 2.1.3 : Tue Jul 03 2007 - 22:54:57 PDT