July 3, 2007 10:46 AM PDT

Credit agency suffers 'misappropriation' of 2.3 million consumer records

by Robert Vamosi
  • Font size
  • Print
  • 4 comments

Florida-based Fidelity National Information Services on Tuesday announced a "misappropriation of consumer data" by a former employee of its Certegy Check Services subsidiary.

The former employee allegedly sold 2.3 million consumer records to a data broker who, in turn, sold the information to various marketing organizations. The records contained information on 2.2 million bank accounts and 990,000 credit card accounts, according to FIS.

"We have no reason to believe that the theft resulted in any subsequent fraudulent activity or financial damage to the consumer, and we are taking the necessary steps to see that any further use of the data stops," Certegy President Renz Nichols said in a statement.

As a precaution against identity theft, Certegy has notified major credit agencies and plans to soon notify all consumers affected by the data breach.

As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.
Topics:

Security

Tags:

security,

identity theft

Share:
Digg
Del.icio.us
Reddit
Recent posts from News Blog
Nvidia puts NForce chipset development on hold
Opera 10 browser is here
Neil Young Archives Blu-ray: Rip off?
Acronis revises survey results about backup habits
Acronis miscalculates data on users' bad backup habits
Flickr co-founder presses beta button
Comcast, Sony open retail store
Cox to try coaxing the Internet into submission
Related
Yahoo adds privacy tool, in time for FTC meetings
Using Facebook and Twitter safely
Congress probes Visa, AmEx role in Web scam
Fake CDC vaccine e-mail leads to malware
Crave giveaway of the week: official rules (3)
Crave giveaway of the week: official rules (4)
CNET Top 5 Sony Reader Touch edition giveaway - official rules
Crave giveaway of the day: official rules (1)
Add a Comment (Log in or register) (4 Comments)
  • prev
  • 1
  • next
Employee Betrayal
by marileev July 3, 2007 12:13 PM PDT
This is another case of employee betrayal. This person's greedy actions put soo many people at risk for ID theft and years of watching their financial accounts.

While FNIS's Certegy group's president Renz Nichols says. "We have no reason to believe that the theft resulted in any subsequent fraudulent activity or financial damage to the consumer." Who's to say the data brokerage firms this FNIS employee sold the records to also has unscrupulous employees?

People can work an entire lifetime to become financially successful and incidents like these put their financial futures in jeopardy http://www.essentialsecurity.com/news.htm?pagename=Protecting_Your_Personal_Financial_Information_(PFI)
Reply to this comment
2.3 million records
by georgescott July 3, 2007 1:19 PM PDT
That is a lot of data. They have no internal controls otherwise no one would be able to get that much data out of there system. To blame the employee and forget that the employer is not to allow that to happen in the first place.
Reply to this comment
Erm, no.
by ajhoughton July 4, 2007 2:51 AM PDT
You can't jump to the conclusion that they have "no internal
controls" simply because of the amount of data this employee
was able to obtain.

For all you know, the employee might have been a database
administrator with admin access to the system that holds the
records. Or they might have been someone who dealt with
selling large quantities of data as part of their normal job, in
which case, again, they could legitimately have access to the
records in bulk.

We simply don't know (not from this article, anyway) who the
employee was or how they got hold of the data, so speculating
as to who was really at fault here is largely irrelevant. (Also, to
my mind, it will *always* be the employee who was at fault here,
since it was the employee that chose to distribute the data
illegally, *even if* the only reason they were able to get it was
that their employer was naïve.)
Consumer Records
by 46OldGoat51 July 3, 2007 1:58 PM PDT
The former employee, the data broker and those marketing organizations who bought the information with the knowledge that it had been obtained illegally should be prosecuted to the fullest extent of the law.
Reply to this comment
(4 Comments)
  • prev
  • 1
  • next
advertisement

15 sites that went kaput in 2009

Web sites launch all the time, but they also shut their doors. We highlight 15 that bit the dust this year.

Top 10 news stories of the decade

Let the debate begin: Was the iPhone more important than iTunes? Was anything bigger than Google finding a great business model? CNET offers its list of the 10 most important stories of the '00s.

About News Blog

Recent posts on technology, trends, and more.

Add this feed to your online news reader

advertisement
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
CES 2010
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET