Online forum claims Certegy breach led to ID theft

Share this article:

The former Certegy employee who sold millions of customer records to direct marketers may also have set off a string of identity theft attacks, contrary to reports from the check verification company, according to a group of online posters.

Since the breach was announced in early July, St. Petersburg, Fla.-based Certegy has been steadfast in its claim that none of the 8.5 million records illegally sold to direct marketing firms have been used fraudulently.

But a number of posters in a Bed, Bath and Beyond online forum accuse Certegy of not being honest. According to the forum, a class-action lawsuit against the company is taking shape over the breach.

"I just found out a few days ago that my husband and I are now the victims of identity theft," an Oklahoma woman using the alias "Class Action Suit Ready" wrote last week on the bulletin board. "As he called his credit card company to prove his innocence, I realized it was only a few days after the notification letter [from Certegy] that all of the fraudulent checks were written on his account. That is not a coincidence. I’ve never had any identity theft issues until a few days after I received that letter from Certegy."

Another unnamed poster who received the notification letter more than two weeks ago said his credit card was denied last weekend at a grocery store, even though he believed he had more than $2,000 in his account.

Representatives from Lieff Cabraser, the San Francisco-based law firm taking the case, according to the forum, did not return a telephone call seeking comment.

A representative from Fidelity could not immediately be reached for comment.

Meanwhile, Certegy earlier this month filed a civil lawsuit against the former employee who sold the records, William Sullivan. He worked as a senior database administrator, giving him privileged access to the data. Certegy also has requested the marketing firms be barred from further using any of the data Sullivan sold to them.

In a filing last week with the U.S. Securities and Exchange Commission, Certegy parent Fidelity National Information Services reported the extent of the breach is much higher than originally reported. Initial estimates placed it at 2.3 million stolen records.

Meanwhile, Florida Attorney General Bill McCollum has warned victims to be on the lookout for identity theft.

But Certegy officials maintain there is no known risk of fraud.

"While the company’s investigation into this incident continues, we have seen no evidence that your information has been used for anything other than marketing purposes," according to a FAQ document to victims.

Click here to email reporter Dan Kaplan.


Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters


More in News

Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox ...

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.