Certegy Data Thief Pleads Guilty
Admits to Stealing 8.5 Million Customer Records; Will Help Feds A Florida man arrested after the data theft of millions of customer records has pled guilty in Federal court in Tampa. The Fidelity National Information Services/Certegy Check Services data theft case first broke in July. (Related story: Fidelity’s Data Theft Yet Another Signpost on Insider Threat) The senior database administrator admitted he stole details of 8.5 million customers over a period of five years and sold the information to data brokers for $580,000.William G. Sullivan, 54, worked for Certegy Check Services, a subsidiary of Fidelity National Information Services. Certegy sells financial authorization services to retailers. As a DBA, Sullivan was entrusted with defining and enforcing data access rights. Fidelity is a provider of transaction processing and related services to the financial industry.
See Also: Omni-Channel Authentication: A Unified Approach to a Multi-Authenticator World
"Some of the stolen records contained only identifying information such as name, address, telephone number and, in some circumstances, date of birth," said a statement from Certegy.
"However, many records contained personal financial information, and we are in the process of notifying those consumers whose financial information was included in the stolen data."
In his plea bargain, Sullivan promised to help with the continuing US Secret Service investigation in the case, return all money from the theft, and to pay damages to victims.
Under Sullivan's plea deal, he will serve less than the maximum five-year prison term, although his sentence has not been announced.
At Certegy, Sullivan used his access to Fidelity's database to copy records that included individuals' names, addresses and financial account information, according to court documents. Sullivan tried to hide the sale of the records through a business he incorporated, S&S Computer Services. It then would sell the data to an accomplice, who remains un-indicted. According to police, the unidentified person resold the information to direct marketers, including Strategia Marketing, which also operated under the name Suntasia.
Fidelity was alerted to the theft by a retail customer, who noticed a "correlation between a small number of check transactions and the receipt by the retailer's customers of direct telephone solicitations and mailed marketing materials."