Certegy Data Thief Pleads Guilty

Admits to Stealing 8.5 Million Customer Records; Will Help Feds A Florida man arrested after the data theft of millions of customer records has pled guilty in Federal court in Tampa. The Fidelity National Information Services/Certegy Check Services data theft case first broke in July. (Related story: Fidelityâs Data Theft Yet Another Signpost on Insider Threat) The senior database administrator admitted he stole details of 8.5 million customers over a period of five years and sold the information to data brokers for $580,000.

William G. Sullivan, 54, worked for Certegy Check Services, a subsidiary of Fidelity National Information Services. Certegy sells financial authorization services to retailers. As a DBA, Sullivan was entrusted with defining and enforcing data access rights. Fidelity is a provider of transaction processing and related services to the financial industry.

See Also: Ransomware: The Look at Future Trends

"Some of the stolen records contained only identifying information such as name, address, telephone number and, in some circumstances, date of birth," said a statement from Certegy.

"However, many records contained personal financial information, and we are in the process of notifying those consumers whose financial information was included in the stolen data."

In his plea bargain, Sullivan promised to help with the continuing US Secret Service investigation in the case, return all money from the theft, and to pay damages to victims.

Under Sullivan's plea deal, he will serve less than the maximum five-year prison term, although his sentence has not been announced.

At Certegy, Sullivan used his access to Fidelity's database to copy records that included individuals' names, addresses and financial account information, according to court documents. Sullivan tried to hide the sale of the records through a business he incorporated, S&S Computer Services. It then would sell the data to an accomplice, who remains un-indicted. According to police, the unidentified person resold the information to direct marketers, including Strategia Marketing, which also operated under the name Suntasia.

Fidelity was alerted to the theft by a retail customer, who noticed a "correlation between a small number of check transactions and the receipt by the retailer's customers of direct telephone solicitations and mailed marketing materials."


About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.




Around the Network