Wednesday, July 04, 2007

Not to worry, check processing company (Certegy) believes the 2.3 million stolen records will not be used for fraud!

Large data breaches are becoming a VERY frequent news event! This time only 2.3 million records were stolen, a mere fraction of the amount (45 million plus) TJX lost. In this instance, we are told we have nothing to fear because the information was sold to a data broker.

Ron Word of the AP (courtesy of the Washington Post) reports:

Fidelity National Information Services, a financial processing company, said yesterday that a worker at one of its subsidiaries stole 2.3 million consumer records containing credit card, bank account and other personal information.

This occurred at one of their subsidiaries, Certegy Check Services.

According to the article:


About 2.2 million records stolen from Certegy contained bank account information and 99,000 contained credit card information, company officials said.

Since Certegy verifies check transactions, this probably means a lot of checking account information in addition to some credit and personal information. From a financial crimes perspective, this information could be used to commit a lot of identity theft, check and credit card fraud.

The company claims the information was sold to data brokers, who sold it to direct marketers. Their president, Renz Nichols, "believes" this is the extent of the damage.

Not sure, if I can "believe" that no one is at risk. The last time I checked, identity thieves normally shy away from revealing exactly, who they intend to compromise next. It's bad for business. Besides that, is this based on the word of someone, who stole the information and sold it in the first place?

Interestingly enough, the data broker is unnamed at this point. The AP article does say they are claiming they didn't know the information was stolen. I wonder how this data broker verifies the information they get, and who they are getting it from?

Data brokers and credit bureaus sell information all the time. Recently, a data broker (InfoUSA) was caught selling direct marketing information to spammers, who commit lottery fraud schemes.

The sad thing is that once the information starts getting sold, it becomes available to more and more insiders, who might sell it to the wrong person, assuming it hasn't been already.

And there is so much information to be sold, no one is ever sure exactly where it came from. Criminals are even selling it via the Internet to other criminals.

AP Story (courtesy of the Washington Post), here.

Attrition.org is tracking data breaches, here. The amount of them that happen is pretty scary!

I've written a lot of about how data brokers make billions buying and selling our information, which can later used against us, here.

They don't believe they are enabling a worldwide problem, either.

At least that's what I keep hearing, whenever a new data breach is announced.

21 comments:

Anonymous said...

I just got a snail mail letter from Certegy about this very thing today. It references the last 4 digits of my bank account. I'll be discussing this with my bank tomorrow. Amazing....well, not really, I guess.

Anonymous said...

Same here....sounded 'phishy' to me. K

Anonymous said...

Received same letter last week referencing my checking acct. I had numerous calls back in Nov '06 asking me to please verify if "they" had the correct acct. info on file. Alerted bank; then googled these phone #'s which led me to a few sites with warnings from people who had id stolen or accts. hacked into and used fraudulently. Added my name to US DO NOT CALL registry and the ph. calls quickly stopped...Guess I need to recheck my acct. transactions too! WHAT A PAIN!! I HATE these types of SCAMS & all the people behind them!

Stephen said...

I also received the same type of letter and took it to my bank, just so they could keep a copy on file. It would be such a hassel to change to a new acct #, since I pay most of my bills through my banks online payments to safeguard mail theft... now this... go figure. They will keep a copy on file and gave me the number to their Loss Management for future need. Just be thankful you can verify a lot of supposed company names by use of the internet. When you receive an email saying you are the BIG WINNER or that they need your help to dispers large sums of money to the needy, copy some of the writing and paste it into Google and watch all of the scam letters pop up with exact or nearly exact wording. I you want to, forward it to (spam@uce.gov), put "SCAM" in the subject line then DELETE it.

Dwight said...

Received my snail mail yesterday, 7/25/2007. I'll turn it over to the local authorities today to my include my ID THEFT case.
Thank God my wife works at the bank and caught it early - only about $5000.00 damage.

Anonymous said...

I thought they said none of the information was being used by criminals?

Anonymous said...

Just rec'd my letter from Certegy and this happened over 4th of July weekend? They printed this letter on the 17th of July and I now get it in the mail today the 26th! Very responsible company...right. I now have to close out my Bank Account! In less than one year this has again happened to me! I am upset and annoyed at the fact that people do this kind of stuff to others so they can make money. Not thinking but about anything but *greed*. This is my personal information and it should not be compromised...ever! So much for Certegy and any other company like them...no more check writing for me!

Lauren said...

EVERYONE- IF YOU ARE INTERESTED IN JOINING A CLASS ACTION SUIT AGAINST CERTEGY, PLEASE E-MAIL LPLONG@YAHOO.COM.

WE ONLY NEED AT LEAST 40-50 MORE PEOPLE TO START THE PROCESS.

PLEASE SEND YOUR STORY, ESPECIALLY IF YOU HAVE ENCOUNTERED IDENTITY THEFT OR ANY MONETARY LOSSES.

LET'S MAKE CERTEGY REALIZE THAT A SIMPLE "APOLOGY" LETTER IS NOT ACCEPTABLE. MANY LIVES ARE AT STAKE AND INNOCENT PEOPLE ARE NOW IN DANGER.

I JUST FOUND OUT A FEW DAYS AGO THAT MY HUSBAND AND I ARE NOW THE VICTIMS OF IDENTITY THEFT. AS HE CALLED HIS CREDIT CARD COMPANY TO PROOVE HIS INNOCENCE, I REALIZED IT WAS ONLY A FEW DAYS AFTER THE LETTER WAS SENT THAT ALL OF THE FRAUDULENT CHECKS WERE WRITTEN ON HIS ACCOUNT. THAT IS NOT COINCIDENCE. I'VE NEVER HAD ANY IDENTITY LEFT ISSUES UNTIL A FEW DAYS AFTER I RECIEVED THAT LETTER FROM CERTEGY.

IT IS THEIR FAULT.

I TRIED CALLING THEM TO LET THEM KNOW, AND THEY TOLD ME "SORRY, THERE IS NOTHING WE CAN DO". THEY SAID THE ONLY THING I CAN DO IS CALL THE FTC, COMPLAIN, AND HOPE FOR THE BEST. THEY ALSO LET ME KNOW THAT THEY WOULD NOT HAVE ANY LIABILITY UNLESS THE FTC'S INVESTIGATION PROOVES THAT CERTEGY'S MISTAKE WAS WHAT CAUSED THE FRAUDULENT ACTIVITY ON HIS ACCOUNT.

SURELY SOMEONE WILL GET CAUGHT IF WE ALL STICK TOGETHER AND FIGHT THIS!

ONCE AGAIN, E-MAIL LPLONG@YAHOO.COM IMMEDIATELY!!

Anonymous said...

actually it has been used as fraud...my family is victim...they've drained the bank accounts!!

Theo said...

Looks like Certegy spoke with a forked tongue when they said none of this was going to be used for fraud.

Interesting how they all claim that and follow up isn't conducted by the media.

Anonymous said...

I think the days of keeping the cash under the mattress or in a cookie jar again are quickly approaching. I trust my dog to protect my house from criminals far more than I trust my personal information (and who has it)that is supposedly secure in cyberspace. There will never be a "fool-proof" method to stop these criminals who, by the way, deserve everything they get including a prison sentence and ALL that goes with it.

JCM07 said...

I received a letter from Tampa, Florida today written on July 17th. The Certegy.com website listed on the letter is registered to FIS Security,

Little Rock, Arkansas.

why are am i getting letters supposedly from Florida (yeah the envelope doesn't say) and the site is registered to Arkansas? is my information really stolen? their site seems very empty too.

Karen said...

Two weeks before receiving this same letter dated the 17th but received on the 26th, I got a call from my credit card company saying someone tried to use my card to buy over $2000 worth of stuff from a nursery in Florida. My account number has since been changed. Luckily, they refused the transaction. Spooky. I thought it was an innocent mistake until now.

Ed Dickson said...

There is a link at the bottom to a more recent post. The number of compromised has gone up, significantly!

Certegy is still claiming none of the information is being used for fraud.

Recommends the victims leaving comments notify the Florida AG (linked to latest post).

Also, if anyone would give me specific (verifiable) information, I would consider doing a post myself.

My e-mail is EdwardDickson@SBCGlobal.net

Anonymous said...

I received the Certegy letter on July 5, and was a victim of fraud within weeks. I Someone used my debit card information (which was in my possession) in New Jersey for two transactions totalling about $700.

Luckily my bank noticed this and cancelled the card, but I am still out the money right now and who knows what will happen with the fraud report. I think Certegy should be responsible.

Anonymous said...

I am a victim of this as well. Got the Certegy letter on July 5 and within 2 weeks, my debit card had been used for purchases in NJ (the card was never out of my possession).

Luckily, my bank put the card on hold when they saw these anomalous purchases happeneing with the card in NJ while I was still in AR.

I will definitely file a complaint.

Angela H.

Anonymous said...

Certegy is full of "nevermind" when they say our personal info can't be used for fraud. I will be opening a new checking account, and maintaining the old one while I switch over direct deposits and withdrawals. It will definitely be a pain, but more than worth it. Also, suggest anyone who's gotten these notifications sign up for credit monitoring, as I expect my identity may be on the way to being compromised: the letter I received was addressed to me at my home business name, but the breached account was my personal acount.

Have seen no fraud yet, but happy I am a bit compulsive about checking my records online, at least 2 to 3 tmes a week. Suggest everyone do the same, of course on a secure PC.

Good luck!

Anonymous said...

Also receved a notification letter about my personal checking account.

I will be opening a new account, and maintaining the old one with a minimum amout of cash, until I can reoute direct deposits and withdrawals. It's more than worth the inconvenience.

What creeps me out is that the info I received was for my personal account, while Certegy's letter was addressed to my home business LLC, which is with a different bank.

Thak heaven I am somewhat compulsive about checking my bank and credit accounts 2 to 3 times per week -- using a secure PC, of course.

Good luck!

Belinda said...

My husband and I also had close to $5000 taken in the form of fraudlent checks written in the state of Maryland where we live and also in PA and Virginia. Now my drivers license number is being used to pass the fraudlent checks from our account that since has been closed and flagged, as well as checks from others accounts. Certegy lied to us saying that no one else has alerted them to any problems that we are the only ones who have called and complained. I have alerted all 3 credit reporting companies, we are selling our home now and moving to PA...and are hoping that taking all the correct steps after we discovered all of this will be enough so that we don't run into any problems buying our new home in PA. The law states that once you prove ID theift that the credit reporting companies can not show any of the trouble from the identity theift. Certegy is even lieing to stores that use their service such as macys, Target etc...I did contact Macys and spoke with the store manager that I know to alert her to Certegys lies as well. I have become a member of a class action suite being handled in Washington DC against Certegy, as someone stated...I am sorry is not nearly enough, considering all the trouble they have caused us. We all need to become part of a class action suite and show Certgey what happens when a company ends up hurting the public and then trying to hide it and lie about...I am sorry does not cut it Certegy!

Anonymous said...

As one of the people who received a letter from Certagy regarding this breach, I can tell you that fraud can, will, and in my case, has occurred. They hit my checking account to the tune of nearly $8,000; fortunately, I caught them when I received my bank statement after they had written over $7,000 worth of checks on my account. What really got me about the letter from Certagy was the statement that said,"According to our investigation, no action has been taken on this account as of yet"; big surprise, folks, they had already hit this account for over $7,000 and continued to write 4 more checks after I closed out the account. If I were not a meticulously cautious person who checks the statement each month, they could have cleaned me out entirely. Fortunately for me, my bank reimbursed me for the lost money, but someone out their lost money, either the bank or the stores that accepted the fraudulent checks.

Cautious

Anonymous said...

This past year someone bought 2 gun's in mexico using a fradulent visa check card who's numbers matched my account but the card presented another name. Never thought this would happen to us.. Just recently I've learned about Certegy. Now, I'm pretty sure I know what happened. I had a declined check from them just 2 days ago. I had no idea, then I started to research this company. Thank Goodness I did!!