Data security breaches are in the news nearly every day: major corporations, hospitals, even governmental entities who have collected our personal information lose it through human error, technical malfunction, theft, or physical loss of laptops containing sensitive information.
This week, Certegy Check Services, Inc. (a division of Fidelity National Information Services, Inc.) has outdone them all. In a July 3 press release, Fidelity announced that a senior database administrator for Certegy had stolen and sold approximately 2.3 million consumer records.
The misappropriated records included names, addresses, telephone numbers and, in the majority of cases, bank account information. Fidelity also estimates that approximately 99,000 of the misappropriated records contained credit card information.
These records were apparently sold to a data broker, who in turn sold some of the records to direct marketing organizations. While the misuse of personal data in that context is troubling enough, the greater concern comes from the risk of identity theft and other fraudulent bank account or credit card transactions related to the release of this consumer information.
Although Certegy's President, Renz Nichols, has stated that they have no reason to believe that the theft resulted in any fraudulent activity or damage to the consumer, the impact of the release of information remains to be seen.
Certegy has implicitly acknowledged the risks by taking immediate action to create fraud watch procedures for financial institutions-procedures one might have hoped that an organization dealing with a high volume of sensitive financial information would have had in place before the crisis occurred.
The press release indicated that Certegy would be personally notifying all affected consumers, but did not disclose an estimated date for completion of that notification. Given that more than 2 million records were misappropriated, we may anticipate that the notification process will not happen overnight.
The press release also stressed that "Certegy is a conscientious company that takes its responsibility to protect and preserve consumer information very seriously."