Certegy's ID breach lost 8.5 million names

Share this content:

In an updated filing with the Securities and Exchange Commission, Fidelity National Information Services revealed that about 8.5 million consumer records were stolen at the time of a data breach at subsidiary company Certegy.

The company previously reported only 2.3 million were stolen.

According to a civil complaint filed by Certegy in the Circuit Court of the Sixth Judicial Circuit in St. Petersburg, FL, the employee was senior level database administrator William G. Sullivan, who had been employed by the company for seven years and who was entrusted with defining and enforcing data access rights.

According to the initial filing, Sullivan obtained information from Certegy's database. It said either individually or through Sullivan's wholly owned entity, S&S, he was paid for the information by list broker JAM Marketing Inc. JAM went on to disseminate the misappropriated information to other direct marketing firms, including Strategia Marketing LLC, Data Secure IP LLC, MC List Escrow Inc.; Quality Resources Inc.; Whitehat.com Inc; and Quality Teleservices Management Inc., doing business as Custom Response Teleservices.

In the court document, Certegy said that the broker and the direct-marketing companies were not aware that the information had been stolen.

"To date, after elimination of duplications and invalid data, the company has determined that approximately 8.5 million consumer records were stolen," the new SEC filing says. "Some of these records contained only identifying information, for example, name, address, telephone number and, in some cases, date of birth."

About 5.7 million of the records included checking account records and about 1.5 million included credit card records, according to the company.

Certegy and Fidelity National Information Services did not return calls and e-mails.

"This is an incremental increase of approximately 3.5 million checking account records and approximately 1.4 million credit card records over our announcement on July 3, 2007," the filing said.

The company has determined that a portion of the stolen credit card information was derived from its credit card issuance business.

Because the investigation is continuing, it is possible that more records may be identified in the future, according to the filing.

There is no evidence of the stolen data being used for anything other than marketing purposes.

The company does not expect significant liability to consumers or institutions for financial fraud.However, it said there can be no assurance that this matter will not result in fines or other consequences that adversely impact the company or its relationship with governing organizations, customers or regulators.


Next Article in Data/Analytics

Sign up to our newsletters

Company of the Week

Since 1985, Melissa has helped thousands of companies clean, correct and complete contact data to better target and communicate with their customers. We offer a full spectrum of data quality solutions, including global address, phone, email, and name validation, identify verification - available for batch or real-time processes, in the Cloud or on-premise. Our service bureau provides dedupe, email/phone append and geographic/demographic append services for better targeting and insight. For direct mailers, Melissa offers easy-to-use address management/postal software, list hygiene services and 100s of specialty mailing lists - all with competitive pricing and excellent customer service.

Find out more here »

Career Center

Check out hundreds of exciting professional opportunities available on DMN's Career Center.  
Explore careers in digital marketing, sales, eCommerce, marketing communications, IT, data strategies, and much more. And don't forget to update your resume so employers can contact you privately about job opportunities.

>>Click Here

Relive the 2017 Marketing Hall of Femme

Click the image above