DBA who stole consumer data gets 57 months in prison

Analysts call for guarantee that no one has full access to all of the networks and systems within an organization.

A former database administrator at Certegy Check Services who admitted last year that he stole the personal data of about 8.5 million consumers and sold the information to data brokers has been sentenced to 57 months in prison by a federal judge.

In addition, the judge ordered William G. Sullivan to pay almost $4 million in restitution to consumers victimized by the data-theft scheme, and to submit to three years' of court supervision upon his release from prison. The sentence was handed down last Thursday in the US District Court in Tampa, Fla.

Sullivan pleaded guilty to felony fraud charges last November, four months after the data thefts were disclosed by Certegy's parent company, Fidelity National Information Services Inc. As part of the plea agreement, prosecutors agreed to recommend a reduction from the maximum five-year sentence that Sullivan could have received.

Certegy, which is based in Florida, provides check-authorization services to financial institutions and merchants worldwide. According to court records, Sullivan, a resident of Florida's Pinellas County, systematically accessed Certegy's databases and downloaded consumer records over a five-year period starting in February 2002. The information that he stole included names, addresses, dates of birth, phone numbers, bank account as well as credit and debit card numbers, and payment card transaction data.

Sullivan admitted that he sold the data to an unidentified third party for a total of $580,000; the third party in turn sold the information to other data brokers. Sullivan even set up a company called S&S Computer Services, which he used as a front to sell the stolen data on his own, according to the court records.

His actions were discovered when a retailer that uses Certegy's service reported seeing a correlation between a small number of check transactions and the subsequent receipt of telephone and direct-mail marketing solicitations by some of its customers.

Fidelity, which refers to itself as FIS and is a separate company from both Fidelity Investments Inc. and Fidelity National Financial Inc., initially said that about 2.3 million consumer records had been stolen. But in filings with the U.S. Securities and Exchange Commision three weeks after the initial disclosure, FIS increased the count of compromised records to as much as 8.5 million. However, the company claimed that the stolen information had been used purely for direct marketing purposes and not to commit any kind of financial fraud.

A California law firm quickly filed a class-action lawsuit against FIS and Certegy. in connection with the data thefts. Certegy offered to settle the suit earlier this year, proposing a deal that would include one year's worth of free credit monitoring services and limited amounts of identity theft insurance coverage and reimbursements for costs incurred as a result of the data breach.

The Sullivan case highlighted the threat posed to corporate data and systems by rogue insiders. Just this week, in yet another example of the now-familiar tale of employees gone bad, a network administrator for San Francisco's municipal government was arrested for allegedly locking other admins out of the city's wide area network by setting passwords that no one else knows. The city may have to replace its Cisco routers and switches as a result, potentially costing it US$250,000 or more.

Security analysts have long maintained that such incidents show why it's crucial for companies to monitor what's going on inside their networks in addition to focusing on external threats. Also needed, analysts say, are processes that ensure a separation of duties and guarantee that no one has full access to all of the networks and systems within an organization.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Jaikumar Vijayan

Jaikumar Vijayan

Show Comments

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers


This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang


It really doesn’t get more “gaming laptop” than this.

Jack Jeffries


As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr


The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?