Credit agency suffers 'misappropriation' of 2.3 million consumer records
Florida-based Fidelity National Information Services on Tuesday announced a "misappropriation of consumer data" by a former employee of its Certegy Check Services subsidiary.
The former employee allegedly sold 2.3 million consumer records to a data broker who, in turn, sold the information to various marketing organizations. The records contained information on 2.2 million bank accounts and 990,000 credit card accounts, according to FIS.
"We have no reason to believe that the theft resulted in any subsequent fraudulent activity or financial damage to the consumer, and we are taking the necessary steps to see that any further use of the data stops," Certegy President Renz Nichols said in a statement.
As a precaution against identity theft, Certegy has notified major credit agencies and plans to soon notify all consumers affected by the data breach.
As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments. 





While FNIS's Certegy group's president Renz Nichols says. "We have no reason to believe that the theft resulted in any subsequent fraudulent activity or financial damage to the consumer." Who's to say the data brokerage firms this FNIS employee sold the records to also has unscrupulous employees?
People can work an entire lifetime to become financially successful and incidents like these put their financial futures in jeopardy http://www.essentialsecurity.com/news.htm?pagename=Protecting_Your_Personal_Financial_Information_(PFI)
controls" simply because of the amount of data this employee
was able to obtain.
For all you know, the employee might have been a database
administrator with admin access to the system that holds the
records. Or they might have been someone who dealt with
selling large quantities of data as part of their normal job, in
which case, again, they could legitimately have access to the
records in bulk.
We simply don't know (not from this article, anyway) who the
employee was or how they got hold of the data, so speculating
as to who was really at fault here is largely irrelevant. (Also, to
my mind, it will *always* be the employee who was at fault here,
since it was the employee that chose to distribute the data
illegally, *even if* the only reason they were able to get it was
that their employer was naïve.)
- Consumer Records
- by 46OldGoat51 July 3, 2007 1:58 PM PDT
- The former employee, the data broker and those marketing organizations who bought the information with the knowledge that it had been obtained illegally should be prosecuted to the fullest extent of the law.
- Like this Reply to this comment
-
(4 Comments)