Certegy Check Service (collector + credit bureau) employee sold 2.3 million consumer data records
Check Processor Says 2.3 million Consumer Records Stolen, Sold
Certegy Check Services, Inc. said Tuesday that an employee, William Sullivan, used his position as a senior database administrator to misappropriate the data and sell it to a consumer data broker.by Patrick Lunsford,
insideARM.com
July 5, 2007An employee at a check processing company has been accused of stealing 2.3 million consumer data records that included bank account and credit card information. The records were sold to direct marketers.
Certegy Check Services, Inc. said Tuesday that an employee, William Sullivan, used his position as a senior database administrator to misappropriate the data and sell it to a consumer data broker. The company estimates that the 2.3 million records sold contained information on 2.2 million bank accounts and 99,000 credit card accounts.
Certegy’s parent company, Fidelity National Information Services Inc. (NYSE: FIS), announced that no data had been used for identity theft or financial fraud, according to the Associated Press.
The story broke nationally as a result of a civil lawsuit filed by Fidelity against Sullivan. The data broker that originally bought the records, Jam Marketing, did not know the records were stolen, as did any of the marketing companies that bought the information from Jam. Certegy fired Sullivan after it discovered the theft in early May. Sullivan was a 7-year employee of Certegy. An investigation by the U.S. Secret Service and Pinellas County (FL) Sheriff’s office is ongoing, according to various media reports.
Certegy said in a statement it maintains bank account information in connection with its check authorization business to help merchants to decide whether to accept checks as payment. Certegy also provides collection services on bad checks and has an authorization system specifically geared toward the gaming industry.
Isn’t it interesting that they claim that “no data had been used for identity theft or financial fraud.”
How would they know? They can’t possibly be so stupid to think that ID thieves let the victim know where they got their data!
Lies, lies and more lies ... everywhere I look.
Next to NO ID theft complaints are actually investigated, judge Wake in Phoenix ruled that Capital One has no fiduciary duty to its customers and that they do not have to provide ANY info whatsoever about fraudulent charges to its customers—effectively preventing any investigation.
So there. Those thugs all stick together.
It is EXTREMELY likely that bank and CRA employees routinely sell credit card and personal data to ID thieves. As long as they don’t get too greedy, nobody will ever know. After all, their employers make sure that ID theft can not be investigated.
Posted by Christine on 07/05/2007 at 12:10 PM
Credit - Collection - Economic News • ID Theft - demand your PIN! • (14) Comments • Permalink
Yes, Certegy thinks that it is contained (so far) and no fraud has taken place (yet).
Do they not think that after firing William Sullivan and suing him that he won’t now try to sell the information yet again? He’s still got it somewhere, on a thumbdrive perhaps? Right?
Certegy needs to take responsibilty and cover the costs of active TrueCredit.com monitoring for all affected customers.
On Wednesday, 11 July, I received a letter from Certegy Check Services out of Tampa, FL (Parent Company: Fidelity National Information Services NYSE: FIS—deep pockets here...) which sells information to local businesses and the gaming industry (I’ve never even bought so much as a LOTTO card or played $Bingo$ in my life!) informing me that I was part of a national ID Theft on the part of their company which happened in Florida. They suggested that I “watch my account for suspicious activity” but with advice from my bank, I closed my account instead. Thursday, 12 July, I canceled all credit cards, debit card, ATM card, destroyed all unused checks, borrowed my elderly parent’s credit card to purchase new checks (my credit cards obviously canceled) for >$50.00 (very same style as old destroyed account), contacted companies that debit my account such as the health club membership, various utilities, amazon.com, internet banking, etc., to inform them that I closed out the account and need to start a new account, order new credit, debit, and ATM cards, etc. I think you can see the very time-consuming and mild-costs incurred.
The letter from Certegy Check Services has a check list of things I should do like contacting on of the big three credit reporting agencies and notifying them of the ID Theft. This I did. The letter also suggested that I place a “free credit freeze” on my existing accounts whereby someone can not open a line of credit in my name and hold me libel for the amount. This is where I found a glitch. In the State of Tennessee consumers can NOT get a ‘credit freeze’—free or otherwise. This means that with my personal information out there, someone could open an account in my name, order goods or services, get cell phone contract, rent an apartment, etc., and the burden of proof resting on me to clear my name for the amounts and other data incurred.
The second issue that bothers me is that a Certegy, a company that I had no idea possessed my data, had so few safe-guards to protect millions of customers. I am a school teacher w/ a Tennessee school system and I go through a fingerprint & background check to teach. I also sign an agreement that I will not use illegal drugs or abuse legal substances. I have supervisors, fellow teachers, teacher’s assistants, parent patrols, and security cameras which help to safeguard these children. I would ask: “What kind of safeguards do companies like this have to guard against this kind of intrusion?” and “Do these employees go through background checks?” It is not as if the topic of ‘ID Theft’ dropped out of the sky yesterday. NBC’s Dateline shows financial companies all the time how easy data can be stolen without proper safeguards in place. Why is this squeaky-wheel of a message falling on deaf ears in this day and time?
I have been affected by this ID Theft. I have noticed that I am receiving a substantial upswing of unsolicited marketing calls and mail despite my name on the U.S. Federal and Tennessee DONOTCALL registry. I would say the calls/mail really started in April and continued in May. I even received one yesterday from a company in Phoenix, AZ. I’ve been a paying customer through BellSouth for an unlisted phone number in telephone books & 411 calls for 24 years so any company not authorized by me to have my phone number and name is in itself unsettling. This privacy that I’ve paid for for so long is now compromised.
The third issue is that a victim of consumer credit fraud is only allowed one free credit report per year—the same as those who have not had an issue w/ fraud. The problem is that you may not know that credit was opened in your name until a year later. All security experts say that the quicker you are able to notify the company that fraud has occurred, the better it is for protecting the consumer & businesses. An individual can expect around $120.00 per year for a monthly security check or $360.00 from all of the big three credit reporting agencies (Equifax, Trans Union, & Experian), but why should and individual be out around $$$ for theft by a company who ‘gleaned’ for financial profit an individuals personal data (with out consent of knowledge)? When flying overseas, my personal data (SSI) is only held for 24 hours and then destroyed by the Federal Aviation Administration (a third-party to my flying transaction) and sister international government organizations (signs highlighting these rights abound at international airports). Why is it that a company that I do not know can harvest & retain very sensitive data and not be required to destroy it like the Federal Aviation Administration?
I was granted degrees majoring in both accounting & business management so I am well aware of the importance of following the US federal recommended safeguards (possess only one credit card, never give out your birth-date or SS#, etc.), yet this despite my judiciously following these safeguards over the years, ID theft happened to me.
I am interested in pursuing a class action lawsuit to wake this industry up to consumer protection since the US government and state regulators are failing to do anything but slap these financial institutions on the wrists.
I got my letter in the mail today from Certegy. Seems by checking account information was compromised. After speaking with them this evening, they are supposed to be sending me a list of places that “may” have cashed a check of mine.
The same story, received letter...... Does anyone know of any lawyar preparing lawsuit against those Certegy guys?
I spoke with Certigy as well today. I asked them if the intended paying for the cost I will incurr getting credit reports from all 3 bearues for the next 6 months just to make sure the information they leaked has not impacted me. The response was “No”. I also demanded to have my information removed from their database. I was refered to 1-727-227-8000 to do this. How do we go about getting a class action together against this company. This company cannot be allowed to gather and sell data.
Jyll, Certegy couldn’t possibly provide a listing of places that cashed your checks. Why aren’t you contacting your bank?
Ever reconcile your statements? Review your account online?
And Desiree, you committed credit suicide.
“Thursday, 12 July, I canceled all credit cards, ...”
If your credit rating is so NOT important to you, why bother doing anything?
You are NOT responsible for fraudulent use of your account!
You just destroyed your FICO scores YOURSELF!
You created more work for yourself than if you had become an ID theft victim.
This is like someone sliding on an icy road hitting the brake. Can consumers be expected to know that they should NOT close any reported accounts?
Is Certegy liable for damages to consumers who made such horrible decisions and who will no longer be able to purchase a home, refinance, rent, etc.?
I respectfully disagree w/ Christie’s comments. I followed all advice given by the U.S. Federal Trade Commission (go to ftc.gov for more information on ID Theft recommendations). If I can not trust both the US government and other national news agencies like Dateline, MSNBC, etc. to give me up-to-date steps to minimize ID Theft, then my credit is shot to pieces no matter what I do. This is the ironic crux of ID Theft. The burden of proof is essentially on the innocent guy to prove they did not run up credit charges both now and in the future do to no fault of their own. Being stuck w/ someone elses bills in my good name is out-and-out theft—no matter how you slice it. To leave compromised credit cards open for anyone’s access is stupid. Credit ratings are not generated on open accounts but on my good name. Closing ccounts is like closing the draw bridge to the castle during a siege. It makes it harder for the theft to breech the securitywall.
Does anyone know of a class action suit against Certegy and how I can contact them please?
Desiree wrote:
“I followed all advice given by the U.S. Federal Trade Commission (go to ftc.gov for more information on ID Theft recommendations).”
For God’s sake, get a grip on reality.
It’s beyond me how people can find my site, SEE how corrupt the government is and then continue to believe their crap.
Desiree, don’t post here again. I have zero time to respond to dumb people.
And Sheri, please search here for class actions and read the link on how to deal with collectors.
“""I respectfully disagree w/ Christie’s comments. I followed all advice given by the U.S. Federal Trade Commission (go to ftc.gov for more information on ID Theft recommendations). If I can not trust both the US government and other national news agencies like Dateline, MSNBC, etc. to give me up-to-date steps to minimize ID Theft, then my credit is shot to pieces no matter what I do."""
Not so. They have very little understanding of the law and the reprucutions of ID theft. You can not trust them.
“"This is the ironic crux of ID Theft. The burden of proof is essentially on the innocent guy to prove they did not run up credit charges both now and in the future do to no fault of their own."""
Exactly the problem. Just dont expect any help.
“""To leave compromised credit cards open for anyone’s access is stupid. Credit ratings are not generated on open accounts but on my good name. Closing ccounts is like closing the draw bridge to the castle during a siege. It makes it harder for the theft to breech the securitywall."""
BUT it does destroy your credit rating. The raters dont know why you closed them. They only know that your profile just went wacky. You are not liable for fraudulent charges.
I did a search for what information http://people-finders.ws had on me, and beyond a basic privacy concern (like Zabasearch, which displays home addresses and often telephone numbers), People-Finders displays information that can ONLY be gotten from the 3 major credit bureaus!
They list names for me that can not be obtained from anywhere else BUT my credit report. A year ago my daughter-in-law used my address when she was applying for a couple jobs. She shows up as a “possible room-mate” of mine. Again, the only way this information could be obtained by People-Finders is from the credit bureaus.
Something has to be done!
With regards to fraudulent charges:
“This is the ironic crux of ID Theft. The burden of proof is essentially on the innocent guy to prove they did not run up credit charges both now and in the future do to no fault of their own.”
That’s totally false. Even the morons at Capital One took my word for it. I had to prove NOTHING. No argument whatsoever. Immediate credit was issued. Replacement card was mailed within a day or two.
My LOSS: Having to call the morons at Capital One and $0 for the unauthorized charges.
I take that ANY day over having to close an account. Closing your accounts makes as much sense as blowing your brains out because someone in your family got cancer and you want to make sure you don’t get it.
I’m a LOT more concerned over Mara’s posting.
Why is the PERSONAL information from the credit report available to ANYONE?
I started a NEW category for peoplefinders.com, appreciate Mara’s posting.
http://creditsuit.org/credit.php/blog/C139/
Since the merger with Fidelity Information Services, the division of Certegy responsible for merchant check guarantee has remained operating under the name Certegy.
