Check Processor Says 2.3 million Consumer Records Stolen, Sold

An employee at a check processing company has been accused of stealing 2.3 million consumer data records that included bank account and credit card information.  The records were sold to direct marketers.

Certegy Check Services, Inc. said Tuesday that an employee, William Sullivan, used his position as a senior database administrator to misappropriate the data and sell it to a consumer data broker.  The company estimates that the 2.3 million records sold contained information on 2.2 million bank accounts and 99,000 credit card accounts. 

Certegy’s parent company, Fidelity National Information Services Inc. (NYSE: FIS), announced that no data had been used for identity theft or financial fraud, according to the Associated Press.

The story broke nationally as a result of a civil lawsuit filed by Fidelity against Sullivan. The data broker that originally bought the records, Jam Marketing, did not know the records were stolen, as did any of the marketing companies that bought the information from Jam.  Certegy fired Sullivan after it discovered the theft in early May.  Sullivan was a 7-year employee of Certegy.  An investigation by the U.S. Secret Service and Pinellas County (FL) Sheriff’s office is ongoing, according to various media reports.

Certegy said in a statement it maintains bank account information in connection with its check authorization business to help merchants to decide whether to accept checks as payment. Certegy also provides collection services on bad checks and has an authorization system specifically geared toward the gaming industry.