DBA who stole consumer data gets 57 months in prison

Analysts call for guarantee that no one has full access to all of the networks and systems within an organization.

A former database administrator at Certegy Check Services who admitted last year that he stole the personal data of about 8.5 million consumers and sold the information to data brokers has been sentenced to 57 months in prison by a federal judge.

In addition, the judge ordered William G. Sullivan to pay almost $4 million in restitution to consumers victimized by the data-theft scheme, and to submit to three years' of court supervision upon his release from prison. The sentence was handed down last Thursday in the US District Court in Tampa, Fla.

Sullivan pleaded guilty to felony fraud charges last November, four months after the data thefts were disclosed by Certegy's parent company, Fidelity National Information Services Inc. As part of the plea agreement, prosecutors agreed to recommend a reduction from the maximum five-year sentence that Sullivan could have received.

Certegy, which is based in Florida, provides check-authorization services to financial institutions and merchants worldwide. According to court records, Sullivan, a resident of Florida's Pinellas County, systematically accessed Certegy's databases and downloaded consumer records over a five-year period starting in February 2002. The information that he stole included names, addresses, dates of birth, phone numbers, bank account as well as credit and debit card numbers, and payment card transaction data.

Sullivan admitted that he sold the data to an unidentified third party for a total of $580,000; the third party in turn sold the information to other data brokers. Sullivan even set up a company called S&S Computer Services, which he used as a front to sell the stolen data on his own, according to the court records.

His actions were discovered when a retailer that uses Certegy's service reported seeing a correlation between a small number of check transactions and the subsequent receipt of telephone and direct-mail marketing solicitations by some of its customers.

Fidelity, which refers to itself as FIS and is a separate company from both Fidelity Investments Inc. and Fidelity National Financial Inc., initially said that about 2.3 million consumer records had been stolen. But in filings with the U.S. Securities and Exchange Commision three weeks after the initial disclosure, FIS increased the count of compromised records to as much as 8.5 million. However, the company claimed that the stolen information had been used purely for direct marketing purposes and not to commit any kind of financial fraud.

A California law firm quickly filed a class-action lawsuit against FIS and Certegy. in connection with the data thefts. Certegy offered to settle the suit earlier this year, proposing a deal that would include one year's worth of free credit monitoring services and limited amounts of identity theft insurance coverage and reimbursements for costs incurred as a result of the data breach.

The Sullivan case highlighted the threat posed to corporate data and systems by rogue insiders. Just this week, in yet another example of the now-familiar tale of employees gone bad, a network administrator for San Francisco's municipal government was arrested for allegedly locking other admins out of the city's wide area network by setting passwords that no one else knows. The city may have to replace its Cisco routers and switches as a result, potentially costing it US$250,000 or more.

Security analysts have long maintained that such incidents show why it's crucial for companies to monitor what's going on inside their networks in addition to focusing on external threats. Also needed, analysts say, are processes that ensure a separation of duties and guarantee that no one has full access to all of the networks and systems within an organization.

Join the newsletter!

Or
Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jaikumar Vijayan

Computerworld
Show Comments

Essentials

Mobile

Victorinox Werks Professional Executive 17 Laptop Case

Learn more >

Exec

Budget

Back To Business Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?