Certegy's ID breach lost 8.5 million names

Share this content:

In an updated filing with the Securities and Exchange Commission, Fidelity National Information Services revealed that about 8.5 million consumer records were stolen at the time of a data breach at subsidiary company Certegy.

The company previously reported only 2.3 million were stolen.

According to a civil complaint filed by Certegy in the Circuit Court of the Sixth Judicial Circuit in St. Petersburg, FL, the employee was senior level database administrator William G. Sullivan, who had been employed by the company for seven years and who was entrusted with defining and enforcing data access rights.

According to the initial filing, Sullivan obtained information from Certegy's database. It said either individually or through Sullivan's wholly owned entity, S&S, he was paid for the information by list broker JAM Marketing Inc. JAM went on to disseminate the misappropriated information to other direct marketing firms, including Strategia Marketing LLC, Data Secure IP LLC, MC List Escrow Inc.; Quality Resources Inc.; Whitehat.com Inc; and Quality Teleservices Management Inc., doing business as Custom Response Teleservices.

In the court document, Certegy said that the broker and the direct-marketing companies were not aware that the information had been stolen.

"To date, after elimination of duplications and invalid data, the company has determined that approximately 8.5 million consumer records were stolen," the new SEC filing says. "Some of these records contained only identifying information, for example, name, address, telephone number and, in some cases, date of birth."

About 5.7 million of the records included checking account records and about 1.5 million included credit card records, according to the company.

Certegy and Fidelity National Information Services did not return calls and e-mails.

"This is an incremental increase of approximately 3.5 million checking account records and approximately 1.4 million credit card records over our announcement on July 3, 2007," the filing said.

The company has determined that a portion of the stolen credit card information was derived from its credit card issuance business.

Because the investigation is continuing, it is possible that more records may be identified in the future, according to the filing.

There is no evidence of the stolen data being used for anything other than marketing purposes.

The company does not expect significant liability to consumers or institutions for financial fraud.However, it said there can be no assurance that this matter will not result in fines or other consequences that adversely impact the company or its relationship with governing organizations, customers or regulators.


Next Article in Data/Analytics

Sign up to our newsletters

Company of the Week

PAN Communications is an award-winning integrated marketing and public relations agency for B2B technology and healthcare brands. PAN's data-driven approach allows the firm to specialize in public relations, social media, content and influencer marketing, and data and analytics. PAN partners with brands to create unique, integrated campaigns that captivate audiences and drive measurable results. PAN services clients out of the firm's four offices: Boston, San Francisco, New York City and Orlando.

Find out more here »

Career Center

Check out hundreds of exciting professional opportunities available on DMN's Career Center.  
Explore careers in digital marketing, sales, eCommerce, marketing communications, IT, data strategies, and much more. And don't forget to update your resume so employers can contact you privately about job opportunities.

>>Click Here

Relive the 2017 Marketing Hall of Femme

Click the image above