DBA Pleads Guilty of Stealing Certegy Customer Records

A database administrator serving a subsidiary group of FIS (Fidelity National Information Services Inc.) since a long time accepted it as true that he was responsible for stealing customer records of about 8.5 Million people over a span of five years. ComputerWorld reported this in the second week of December 2007.

William G. Sullivan admitted in a Tampa, Fla., federal court that he committed a serious crime of fraud and agreed that he would pay compensation to those affected in the crime and also cooperate in responding to interrogations by investigators of the theft.

Sullivan's sentence for imprisonment is still to be decided, although according to the agreement at the time of plea, his term could be less than five years, the maximum sentence for such crimes.

Sullivan served as one of the database administrators while working at Certegy Check Services Inc., a subsidiary company of Fidelity National based in St. Petersburg, Fla., that renders services for authorizing checks to merchants and financial institutions.

According to court documents, Sullivan lived in Pinellas County, Fla., and in his capacity as DBA, he handled large volumes of secret consumer data with Certegy.

Over the period from February 2002 to August 2007, Sullivan had allegedly accessed the databases of Certegy and downloaded records relating to around 8.5 Million customers.

Certegy, in a statement, said that part of the illegally accessed records consisted of only personal identification information including name, telephone number, and address and in certain cases, date of birth. ITWeek published it on December 5, 2007. However, a lot of the records also included personal financial details and Certegy was notifying all the consumers whose financial particulars were lost, the statement said.

Further, information put before the courts indicate that Sullivan allegedly sold the stolen data to brokers for $580,000.

According to Fidelity National, Mr. Sullivan's unauthorized practices came to light when a retail customer of Certegy reported in May that he found a connection between check transactions of small amounts and customers receiving marketing solicitations over mail and telephone.

Meanwhile, a resident of Los Angeles has sued Certegy for failing to adequately protect its consumers' data.

Related article: Dubai - City with Majority Botnets in the Middle East

» SPAMfighter News - 12/19/2007