July 3, 2007 10:46 AM PDT
Credit agency suffers 'misappropriation' of 2.3 million consumer records
Posted by Robert Vamosi
Florida-based Fidelity National Information Services on Tuesday announced a "misappropriation of consumer data" by a former employee of its Certegy Check Services subsidiary.
The former employee allegedly sold 2.3 million consumer records to a data broker who, in turn, sold the information to various marketing organizations. The records contained information on 2.2 million bank accounts and 990,000 credit card accounts, according to FIS.
"We have no reason to believe that the theft resulted in any subsequent fraudulent activity or financial damage to the consumer, and we are taking the necessary steps to see that any further use of the data stops," Certegy President Renz Nichols said in a statement.
As a precaution against identity theft, Certegy has notified major credit agencies and plans to soon notify all consumers affected by the data breach.
Well, well, well...
I have wondered about what happens to all that data, lost and stolen from business and government alike. I have suggested for a few years that the PII (personal identifying information) that has come up missing was not being exploited for fraudulent purposes but being purchased by marketing companies and debt collection companies.
Lo and behold, what do we have here but a disclosure by Fidelity's check clearing and collection arm Certegy, that 2.3 million sets of PII have been sold to a company responsible for filling the mailboxes of America with the pulp of dead trees, only to be trashed within minutes of its being reviewed by their erstwhile recipients. Where are the enviro-wackos to protest this abuse of precious American forestry products?
This discovery is further verified by recent studies including from the Government Accounting Office which demonstrate that while the number of victims of data breaches is quite high, identity theft resulting from a breach is unlikely.
One day, when the facts are beating the hype, people may come to realize that there are "breaches" and then there are "breaches". Those of us who are active professionally in identity theft matters have known for quite some time that there is a difference between a malicious theft or release of information such as a hacking attack and the loss of a computer which happened to have a file with the PII of a pool of consumers.
Hopefully, this story is the proverbial tip of the iceberg and that more marketing pull breaches will be revealed. But names per dollar will continue to be big business for marketers and debt collectors as it is for id theft fraudsters until the cost of penalties match the value of direct mailing campaigns.