Friday, July 6, 2007

Information / Data Security

I hope that a person that commits a theft such as this is punished as severely as a criminal would be for bank theft or robbing a convenience store at gun point. I'd like to gather some of these articles and track what the outcomes are (don't know if time will permit). This is a big issue today whether you work in accounting, medical, retail... All company's really need to do is apply some basic accounting controls to their data (separation of duties, access to assets vs. access to records, etc.), follow through with some physical controls, then let the technology experts advise on data security techniques. Probably more complicated then I'm making it out to be, but if a company can keep its valuable trade secrets then they can protect their valuable customer data.

DATA SECURITY: 2.3M consumer records stolen, sold

Miami Herald via NewsEdge Corporation :

Fidelity National Information Services, the electronic-payment processor that agreed to buy EFunds for about $1.8 billion last month, said an employee stole 2.3 million consumer records and sold them to a data broker.

Certegy Check Services, a Fidelity unit which helps businesses clear checks, sued William Sullivan in a Florida state court to retrieve the information and end its use. The personal, bank account and credit-card data were resold to direct marketers, the Jacksonville company said.

"We don't anticipate losing any business as a result of this situation," Renz Nichols, president of Certegy, said on a conference call. "We have seen no evidence that any credit card or bank account information was used for anything other than marketing."

Banks, financial firms and retailers are focusing on data security after system breaches led to consumer lawsuits and losses. Retailer TJX Cos. said in March that hackers stole at least 45.7 million card numbers, the biggest theft of such data. MasterCard and Visa reported in June 2005 a security breakdown that exposed 40 million cards to fraud.

Certegy also sued Sullivan, formerly a senior database administrator, for misappropriation of trade secrets, breach of fiduciary duty and breach of confidentiality agreements. The complaint didn't specify the amount of damages sought by the company.

Certegy fired Sullivan after it discovered that the information was sold, Michelle Kersch, a spokeswoman for the subsidiary, said. Sullivan was one of five workers with access to the records, Nichols said.

Lawyers for the firm said they didn't have an address or telephone number for Sullivan, who couldn't be reached by Bloomberg News for comment through directory assistance or computer searches.

The stolen data included names, addresses, telephone numbers, birth dates, as well as bank account and credit card information, the company said. After receiving the information, the data broker sold names and addresses, but not customers' entire bank account numbers, to the marketing firms, Nichols said.

The Secret Service, a branch of the U.S. Treasury Department that investigates fraud, is "actively investigating this case," said John Joyce, special agent in charge of the agency's Tampa field office. It's a felony to transfer, possess or use private customer information for unauthorized purposes, he said.

Shares of Fidelity National fell 8 cents to $54.70 in New York Stock Exchange composite trading. The stock has gained 36 percent this year.

"It's the responsibility of institutions like Fidelity to strictly limit access to data, to make sure the people handling the data are people we can trust," said Adam Levine, chairman of Identity Theft 911, a financial services firm in Scottsdale, Arizona.

Certegy, which employs about 1,000 people, is notifying consumers about the data theft, and has alerted credit reporting agencies as well as the Visa and MasterCard networks to be on the look out for fraudulent transactions, Nichols said. As far as the company knows, "no one was financially harmed," he said.


No comments: