Certegy breach worse than reported

By on
Certegy breach worse than reported

The number of consumer records sold to a data broker by a former Certegy Check Services database administrator is actually 8.5 million, about 6 million more than originally reported.

In a filing with the US Securities and Exchange Commission, Fidelity National Information Services, the parent of St. Petersburg, Fla.-based Certegy, reported some of the stolen records only contained names, addresses, telephone numbers and birth dates.

But, about 5.7 million contained checking account numbers and 1.5 million included credit card numbers, according to last week's filing. And the company conceded that more affected records may be identified as the investigation continues.

The former employee, whom Certegy has filed a civil lawsuit against, sold the records to a number of direct marketing firms, but so far, none of the data has been used fraudulently.

"As a result of this apparent theft, the consumers affected received marketing solicitations from the companies that bought the data," Renz Nichols, Certegy president, said in a 3 July statement, which had then estimated the number of stolen records at 2.3 million.

The company continues to warn users on its home page that they must be wary of solicitations from people claiming to be Certegy employees who seek their personal information.

"Please be advised that Certegy’s call centre is NOT making any outbound calls to consumers," the statement said. "In fact, the call centre staff does not have access to individual consumer information. [Instead] they are available to help those impacted understand what steps can be taken to safeguard their information."

Adam Bosnian, vice president of products and strategies at identity and access management provider Cyber-Ark Software, told SCMagazine.com today that organisations often blindly trust their database administrators (DBAs).

"Organisations need to be aware that these insider incidents are often done by the people with privileged access," he said, adding that DBAs often do their jobs with little or no scrutiny.

Instead businesses must implement monitoring tools and protocols for approving database changes, he said.
Got a news tip for our journalists? Share it with us anonymously here.
Tags:
breach certegy reported security than worse
In Partnership With

Most Read Articles

ATO moves to break up $1bn Optus megadeal

ATO moves to break up $1bn Optus megadeal
NBN Co shows its top user now hits 26TB a month

NBN Co shows its top user now hits 26TB a month
Inside Infosys' complex Centrelink payments calculator overhaul

Inside Infosys' complex Centrelink payments calculator overhaul
Google co-founders step aside as Pichai takes helm of parent Alphabet

Google co-founders step aside as Pichai takes helm of parent Alphabet
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Are you getting profitable outcomes from your IT?
Are you getting profitable outcomes from your IT?
Your Microsoft Security journey starts here
Your Microsoft Security journey starts here
Is your AWS framework well-architected?
Is your AWS framework well-architected?
Why you should reassess your cybersecurity posture
Why you should reassess your cybersecurity posture
How will you manage the cloud data deluge?
How will you manage the cloud data deluge?

Events

Log In

Username / Email:
Password:
  |  Forgot your password?