JACKSONVILLE, Fla. -
The employee, a senior-level data base administrator, was fired, but not before he sold the data to an unidentified data broker, who then sold some of it to a variety of direct marketing companies.
The information has not been used for identity theft or other fraudulent uses, according to the company.
About 2.2 million records stolen from Certegy contained credit union and bank information, while 99,000 contained credit card data.
The stolen data contained names, addresses, phone numbers, birthdates and credit union, bank and credit card information.
"As a result of this apparent theft, the consumers affected received marketing solicitations from the companies that bought the data. We believe that is the extent of any damage to the public," said Renz Nickols, president of Certegy, during a conference call last Tuesday. No identity theft or fraudulent financial activity has been reported.
The theft was discovered after a retail check-processing customer alerted Certegy to a correlation between a small number of check transactions and the receipt by the retailer's customers of direct telephone solicitations and mailed marketing materials.
When Certegy's investigation did not detect any breach of its security systems, it asked the U.S. Secret Service to contact the marketing companies to trace the source of the data.
The company supplying the information was found to be company-owned, and operated by the Certegy employee.
Fidelity said the employee removed the information from Certegy's facility via physical processes, and not electronic transmission.
Although he was authorized to access the information to perform his job, the removal and unlawful use of the information was a breach of fiduciary duty.
The company is still investigating the time period during which the misappropriations occurred.
There is a civil complaint filed against the ex-employee, according to Fidelity.
The data breach is the latest of a growing number of incidents in which large volumes of personal information is being either stolen or leaked the public.
Certegy, a subsidiary of Fidelity National Information Services, maintains bank account information in connection with its check-authorization businesses, which helps merchants decide whether to accept checks as payment.
In February 2006, Fidelity bought Certegy Card Systems from Equifax. Equifax had bought CUNA Card services from what was then-called CUNA Service Group and renamed it Certegy in 1996.
