What was troublesome -- for the people compromised at least -- was the fact that their personal and financial information was sold to entities that still haven't been disclosed. The financial information I'm referring to included checking, credit card and debit card account information.
Yesterday, it was announced that the dishonest Certegy employee involved, one William Sullivan agreed to plead guilty for what is what is being termed a "reduced sentence."
Marjorie Manning of the Jacksonville Business Journal wrote:
Sullivan faces up to five years in prison and a fine of $250,000 on each count, although the U.S. Attorney's office will recommend a shorter sentence because of Sullivan's acceptance of responsibility, the plea agreement said.Even more amazing, many months into this, the data broker who bought the information from Sullivan is merely listed in the legal proceedings as a "co-conspirator."
Sullivan also will be required to make restitution to Fidelity, the filing said.
Sentencing was scheduled for Nov. 21, but Sullivan's attorney has asked the court for a delay because of the attorney's travel plans over the Thanksgiving holiday.
Fidelity has said that it has no evidence of the stolen information being used for anything other than marketing purposes, but the company faces several class action lawsuits alleging damage as a consequence of the theft.
Here is a snippet from the article about the co-conspirator:
The scheme was broader than initially disclosed July 3 by FIS. According to court documents, Sullivan agreed with the co-conspirator to steal the consumer information beginning in at least 2002, and Sullivan was paid more than $580,000 over the course of the conspiracy for the data.FIS (Fidelity National Information Services Inc.) is Certegy's parent company.
I did a few posts on the breach, shortly after it occurred and a lot of angry people left comments on them. Some of them seemed to disagree with the official statement that the information was never used.
Here are the posts:
Not to worry, check processing company (Certegy) believes the 2.3 million stolen records will not be used for fraud!
Certegy reveals their data breach is a lot larger than originally reported
Class action law suit filed against Certegy for data breach
In all fairness, it's hard to vet the comments I get on a post. That being said, I saw a lot of angry people leave some pretty interesting comments.
Couple this with the fact that the information broker (named as a co-conspirator) hasn't been named yet and the story leaves a lot of details, which remain a mystery.
The article doesn't seem to specify how many counts Sullivan is pleading guilty to. Hopefully once the sentence is announced, we aren't going to have a lot of victims (8.5 million of them) feeling like he got a slap on the wrist!