voodish logo
tweet rss book of faces Linked In

Employee sold 8.4 million user records

William Gary Sullivan, a database administrator pleaded guilty to stealing 8.4 million consumer records from a credit checking firm in Florida. A court heard he earned £280,000 ($580,000) by selling the data to direct marketing companies.

Legal documents show that William Gary Sullivan was employed as a senior database administrator at a consumer reporting agency called Certegy, which provides a service to help retailers decide whether or not to accept cheques as payment for goods and services.

Between 2002 and June of this year, the 54-year-old database analyst accessed records containing the names, addresses and bank/credit card of millions of people across the United States, and passed that information on to a co-conspirator, who then sold it to various third parties, including direct marketing firms.

Last week, Sullivan pleaded guilty to conspiracy and fraud in connection with computers. Although a sentence has not yet been handed down, he faces a maximum penalty of 10 years behind bars as well as a $500,000 fine. Which, if our sums are correct, might still leave him with around $80,000 in loose change.

It was only after one of Certegy’s retail customers smelled a rat that the company ordered a forensic examination of its systems. When that failed to turn up any holes, they called in the Secret Service – who descended upon the marketing firms in question and tracked down the source of the data.

The Secret Service was able to identify the company supplying the information and … determined that the company was owned and operated by a Certegy employee. The employee was a senior level database administrator who was entrusted with defining and enforcing data access rights.

To avoid detection, the technician removed the information from Certegy’s facility via physical processes, not electronic transmission,

Certegy’s parent company, Fidelity National Information Services, said in a statement released earlier this year.

Certegy said the theft did not involve any outside intrusion into, or compromise of its systems, and said it had no reason to believe that the theft resulted in any subsequent fraudulent activity or financial damage to the consumer.

Related Articles

Comments RSS Feed

No Comments Yet

You can be the first to comment!

Leave a comment