[ISN] Database Administrator Blamed For Stealing Info On 2.3 Million Consumers

From: InfoSec News (alerts@private)
Date: Tue Jul 03 2007 - 22:34:16 PDT


http://www.informationweek.com/news/showArticle.jhtml?articleID=200900234

By Sharon Gaudin
InformationWeek
July 3, 2007

A senior level database administrator for a subsidiary of Fidelity 
National Information Services is being accused of stealing and selling 
sensitive information on 2.3 million consumers.

The now former employee whose name was not released allegedly took the 
information and sold it to a data broker, who in turn sold the 
information to several direct marketing companies, according to an 
online release posted by Fidelity National, which is a financial 
processing company.

"As a result of this apparent theft, the consumers affected received 
marketing solicitations from the companies that bought the data," said 
Renz Nichols, president of Certegy Check Services, in a written 
statement. "We have no reason to believe that the theft resulted in any 
subsequent fraudulent activity or financial damage to the consumer, and 
we are taking the necessary steps to see that any further use of the 
data stops."

Fidelity National noted its researchers believe that about 2.3 million 
have been compromised, with approximately 2.2 million containing bank 
account information and 99,000 containing credit card information. 
They're still investigating when the alleged theft occurred.

The database administrator, who worked for Certegy Check Services, Inc., 
had access to the information as part of his job responsibilities but 
did not have the authority to actually remove any of the information, 
according to Fidelity. The administrator has been fired and Certegy 
filed a civil complaint in a St. Petersburg, Fla. Court against him and 
the marketing companies that bought the information. Fidelity National 
reported that it is seeking the return of all the consumer information, 
as well as an injunction against its use.

The company also said in the release that it is pushing authorities to 
file criminal charges.

Certegy, which runs a check authorization business, maintains bank 
account information to help merchants decide whether to accept checks as 
payment. The company also maintains check and credit card information in 
connection with its gaming operations that are designed to help casinos 
provide customers with access to funds.

Fidelity National said one of Certegy's customers reported suspicious 
solicitations and marketing materials. An investigation found that the 
company's security systems had not been breached, so they called in the 
U.S. Secret Service, which often investigates financial crimes. The 
Secret Service, according to Fidelity, then traced the leak back to the 
database administrator.


_____________________________________________________
Attend Black Hat USA, July 28-August 2 in Las Vegas, 
the world's premier technical event for ICT security 
experts. Featuring 30 hands-on training courses and 
90 Briefings presentations with lots of new content 
and new tools. Network with 4,000 delegates from 
70 nations.   Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on 
June 1 so register today. http://www.blackhat.com



This archive was generated by hypermail 2.1.3 : Tue Jul 03 2007 - 22:54:57 PDT