Saturday, July 28, 2007

Certegy reveals their data breach is a lot larger than originally reported

Earlier this month, I blogged about the Certegy data breach, where a not very HONEST employee got caught selling information to an unidentified data-broker. Certegy was quick to assure the public that none of this information would be used to commit fraud because it was being used by "legitimate marketing firms."

Now the number of records (people compromised) has risen significantly after Certegy filed a report with the Securities and Exchange Commission.

The Tampa Bay Business Journal Reports:

An ongoing investigation has determined that about 8.5 million consumer records were stolen, according to a July 25 Securities and Exchange Commission filing by Fidelity National Information Services Inc. (NYSE: FIS), the Jacksonville-based parent company of St. Petersburg-based Certegy.
According to Fidelity, Certegy's parent company the investigation is continuing and this number could grow.

Florida Attorney General Bill McCollom listed some useful information for victims in a press release, which said:

For more information, consumers may call Certegy at 866-498-9916 or may visit their website at http://www.certegy.com. Affected consumers are encouraged to take the precautionary steps outlined in the Certegy letter, including obtaining a free fraud alert from one of the credit reporting agencies. Furthermore, if consumers believe at any time they are victims of identity theft, they should report this to the police and request that the national credit bureaus place a fraud alert on their credit reports. Consumers should also notify banks and creditors involved of questionable charges or accounts, keep records of all telephone calls and follow up in writing with credit bureaus, banks and creditors.

If you received a letter from Certegy and you continue to receive marketing calls that you suspect result from this data breach, please report this activity to the Attorney General’s Citizens Services Hotline at 1-866-9-No SCAM (1-866-966-7226). Additional information about protecting yourself from identity theft is available online at http://www.myfloridalegal.com/identitytheft.


I've received a lot of comments on my original post, including some (anonymous) claiming their information was used for fraud. Unfortunately, I cannot verify this information, but someone with the e-mail address LPLong@Yahoo.com claims to be collecting victims to file a class action law suit.

My original post with comments, here.

Press release from Florida Attorney General (Bill McCollom), here.

Note this is probably the right place to verify information, if you receive a letter. If you believe you are fraud victim based on the Certegy breach, I would let them know about it, also.

Tampa Bay Business Journal article, here.

10 comments:

Risk Manager said...

I think there is a bigger issue here that Certegy does not "own" the data that was stolen but in fact it is records of Certegy customers like businesses that contract Certegy for check-cashing services. I would ask Certegy to confirm what they store on their systems, how long they store it and why bank account and credit card numbers are stored AND investigate if Certegy violated any Visa/PCI mandates.

Anonymous said...

Here's a link to a possible class action lawsuit:
http://www.girardgibbs.com/certegy.html?gclid=CK6ewITW5o0CFR3PggodB1S

Anonymous said...

Girard Gibbs LLP Announces Class Action Lawsuit Against Certegy

The law firm of Girard Gibbs LLP (www.girardgibbs.com) has filed a class action complaint on behalf of approximately 8.5 million consumers nationwide whose financial and personal data was stolen by an employee of Certegy Check Services, Inc. and Fidelity National Information Services, Inc (NYSE:FIS) and released to unauthorized third parties. The complaint alleges that a senior database administrator misappropriated the confidential information of millions of consumers and then sold the data to direct marketing firms and data brokers who may have resold it to others.

"Certegy and FIS had a duty to safeguard the confidential data of consumers from any breach, including that of their employees. Once the internal breach became known, it should have been communicated to the public in a timely and adequate manner," said Eric Gibbs, one of the attorneys for the plaintiff. "The failure by these companies to make the internal data breach immediately known exposed consumers to direct marketing campaigns and the risk of unauthorized use of their bank accounts and identity theft."

The case was brought by a Los Angeles, California resident who, prior to the public announcement by Certegy and FIS of the data breach, started noticing an influx of direct marketing and promotional offers as well as phone calls to his home. After subsequently receiving a letter from Certegy informing him that his personal data may have been compromised by one of its employees, the plaintiff engaged a credit monitoring service.

Certegy and FIS merged in January of 2006. Certegy provides check-verification services to major U.S. retailers such as Wal-Mart, Sears, Bed Bath&Beyond and Amazon.com. Due to the nature of the services provided by Certegy and FIS, and their undisclosed role in financial transactions, consumers do not choose to use the services of these companies but rather are forced to do so.

The complaint alleges that Certegy and FIS failed to implement and maintain adequate security measures to protect consumers' confidential financial and personal information. Their failure to properly monitor and supervise their employee subjected consumers to risk of data theft and other fraudulent actions.

The class action lawsuit was filed in federal district court for the Central District of California on August 14, 2007. It asserts claims of negligence, invasion of privacy and breach of implied contract.

Girard Gibbs LLP is one of the nation's leading firms in prosecuting class actions and other lawsuits involving consumer fraud. For more information about this case, please contact Girard Gibbs LLP toll-free at (866) 981-4800 or through our website www.girardgibbs.com.

Anonymous said...

i did receive a letter from certegy in july stating that my checking account information was stolen. i write checks and try to avoid using my credit card, specifically for this reason, and was very distressed to get this letter. a telephone call to certegy resulted in me being told that my complaint would be sent to "corporate" in florida, and that i should be aware that there are 8.3 million others in the boat with me. some solace! i feel like suing the asses off them, i'm so angry! so, it was GREAT to see the email from someone who is considering a class-action law suit. sign me up!

TeaRowz said...

Please see:
http://www.safeplacestylings.com/certegyalert.html
for information about the possible correlation between the Certegy security breach, and ID theft.

TeaRowz said...

Please see:
http://www.safeplacestylings.com/certegyalert.html
for information about the possible correlation between the Certegy security breach, and ID theft.

TeaRowz said...

Please see:
http://www.safeplacestylings.com/certegyalert.html
for information about the possible correlation between the Certegy security breach, and ID theft.

Anonymous said...

Certegy's data breach involved more employees than just Mr. Sullivan. Jerry Marshall has also been implicated in this crime. Marshall has been released from his position as supervisor, overseeing Sullivan.

Anonymous said...

I have been a victim of this situation and it is horrible. Please if any knowswhat I can so contact me at chellesoutlet@yahoo.com

Anonymous said...

Jerry Marshall has gone to jail for his role in the thiefts.