BreachExchange mailing list archives
(update) Fidelity National Information Services Announces Misappropriation...
From: lyger <lyger () attrition org>
Date: Tue, 3 Jul 2007 16:46:33 +0000 (UTC)
(More details than you can shake a stick at. It should also be noted that the "Fidelity" in this instance is NOT related to Fidelity Investments or their subsidiary, National Financial.) http://money.cnn.com/news/newsfeeds/articles/prnewswire/CLTU02603072007-1.htm Fidelity National Information Services, Inc. , announced today that its subsidiary, Certegy Check Services, Inc. ("Certegy"), a service provider to U.S. retail merchants, based in St. Petersburg, Florida, was victimized by a former employee who misappropriated and sold consumer information to a data broker who in turn sold a subset of that data to a limited number of direct marketing organizations. The incident does not involve any outside intrusion into, or compromise of, Certegy's technology systems. "As a result of this apparent theft, the consumers affected received marketing solicitations from the companies that bought the data," said Renz Nichols, President of Certegy Check Services. "We have no reason to believe that the theft resulted in any subsequent fraudulent activity or financial damage to the consumer, and we are taking the necessary steps to see that any further use of the data stops." Background Certegy maintains bank account information in connection with its check authorization business that helps merchants to decide whether to accept checks as payment for goods and services. In addition, Certegy maintains check and credit card information in connection with its gaming operations that are designed to assist casinos in providing their customers with access to funds. This theft came to light when one of Certegy's retail check processing customers alerted Certegy to a correlation between a small number of check transactions and the receipt by the retailer's customers of direct telephone solicitations and mailed marketing materials. Certegy launched an immediate investigation and was unable to detect any breach of its security systems and, thereafter, engaged a forensic investigator to validate its findings. Unable to detect any compromise in its firewalls and other system security measures, Certegy requested that the U.S. Secret Service contact the marketing companies in question to trace the source of the data. The Secret Service was able to identify the company supplying the information and, with further assistance from Certegy, determined that the company was owned and operated by a Certegy employee. The employee was a senior level database administrator who was entrusted with defining and enforcing data access rights. To avoid detection, the technician removed the information from Certegy's facility via physical processes; not electronic transmission. [...] _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tracking more than 211 million compromised records in 716 incidents over 7 years.
Current thread:
- (update) Fidelity National Information Services Announces Misappropriation... lyger (Jul 03)
- New GAO Report on Data Breaches and ID Theft Chris Walsh (Jul 05)