Online forum claims Certegy breach led to ID theft

Share this article:

The former Certegy employee who sold millions of customer records to direct marketers may also have set off a string of identity theft attacks, contrary to reports from the check verification company, according to a group of online posters.

Since the breach was announced in early July, St. Petersburg, Fla.-based Certegy has been steadfast in its claim that none of the 8.5 million records illegally sold to direct marketing firms have been used fraudulently.

But a number of posters in a Bed, Bath and Beyond online forum accuse Certegy of not being honest. According to the forum, a class-action lawsuit against the company is taking shape over the breach.

"I just found out a few days ago that my husband and I are now the victims of identity theft," an Oklahoma woman using the alias "Class Action Suit Ready" wrote last week on the bulletin board. "As he called his credit card company to prove his innocence, I realized it was only a few days after the notification letter [from Certegy] that all of the fraudulent checks were written on his account. That is not a coincidence. I’ve never had any identity theft issues until a few days after I received that letter from Certegy."

Another unnamed poster who received the notification letter more than two weeks ago said his credit card was denied last weekend at a grocery store, even though he believed he had more than $2,000 in his account.

Representatives from Lieff Cabraser, the San Francisco-based law firm taking the case, according to the forum, did not return a telephone call seeking comment.

A representative from Fidelity could not immediately be reached for comment.

Meanwhile, Certegy earlier this month filed a civil lawsuit against the former employee who sold the records, William Sullivan. He worked as a senior database administrator, giving him privileged access to the data. Certegy also has requested the marketing firms be barred from further using any of the data Sullivan sold to them.

In a filing last week with the U.S. Securities and Exchange Commission, Certegy parent Fidelity National Information Services reported the extent of the breach is much higher than originally reported. Initial estimates placed it at 2.3 million stolen records.

Meanwhile, Florida Attorney General Bill McCollum has warned victims to be on the lookout for identity theft.

But Certegy officials maintain there is no known risk of fraud.

"While the company’s investigation into this incident continues, we have seen no evidence that your information has been used for anything other than marketing purposes," according to a FAQ document to victims.

Click here to email reporter Dan Kaplan.

 

Share this article:

Sign up to our newsletters

More in News

Research shows vulnerabilities go unfixed longer in ASP

Research shows vulnerabilities go unfixed longer in ASP

A new report finds little difference in the number of vulnerabilities among programming languages, but remediation times vary widely.

Bill would restrict Calif. retailers from storing certain payment data

The bill would ban businesses from storing sensitive payment data, for any long than required, even if it is encrypted.

Amplification, reflection DDoS attacks increase 35 percent in Q1 2014

Amplification, reflection DDoS attacks increase 35 percent in ...

The Q1 2014 Global DDoS Attack Report reveals that amplification and reflection distributed denial-of-service attacks are on the rise.