Attorney General Reaches Settlement with Certegy Check Services over Data Breach

Attorney General Bill McCollum today announced a settlement with a financial services company over allegations the company did not provide adequate data security for consumer records. Certegy Check Services, Inc., a St. Petersburg-based company, experienced a massive data breach which exposed personal identification information from approximately 5.9 million consumer files. Under the settlement, the company will ensure that safeguards are in place to protect consumer data.

Certegy Check Services, Inc., a related company, Fidelity National Card Services, and subsidiaries of Fidelity National Information Services, Inc., reported in July 2007 that customer data had been stolen by a former company employee. Certegy promptly notified the Attorney General and consumers of the data thefts, and cooperated with the Attorney General’s investigation. Subsequently, William Gary Sullivan, a former Certegy employee, was convicted of fraud and is currently serving a 57-month sentence in federal prison. Certegy and Fidelity also cooperated with investigations into the dissemination of consumer data through data brokers and marketers.

As part of a class action settlement in U.S. District Court in Tampa, consumers were given the opportunity to elect credit monitoring for one year or bank account monitoring for two years and were able to seek reimbursement of certain out-of-pocket costs incurred or identity theft expenses. Additionally, consumers were able to request credit monitoring at the company’s expense immediately after the thefts were announced.

The settlement with the Attorney General’s Office ensures that Certegy will maintain a comprehensive “Information Security Program” that assesses internal and external risks to consumers’ personal information, implements safeguards to protect that consumer information, and regularly monitors and tests the effectiveness of those safeguards. Certegy and its related entities will also adhere to payment card industry data security standards as those standards continue to evolve.

In addition to the compliance standards, Certegy will contribute $125,000 to the Attorney General’s Seniors vs. Crime Program for educational, investigative and crime prevention programs for the benefit of senior citizens and the community and will pay $850,000 for the state’s investigative costs and attorney’s fees. This investigation and settlement was handled by the Attorney General’s Economic Crimes Division.

If consumers believe at any time they are victims of identity theft, they should report the incidents to the local law enforcement and request that the national credit bureaus place fraud alerts on their credit reports. Consumers should also notify banks and creditors involved of questionable charges or accounts, keep records of all telephone calls and follow up in writing with credit bureaus, banks and creditors. Consumers are urged to review their credit reports as well as bank and credit card account transactions regularly for suspicious activity, and can find additional information about protecting themselves from identity theft online at http://www.myfloridalegal.com/identitytheft.

A copy of the agreement is available online at: http://myfloridalegal.com/webfiles.nsf/WF/MRAY-84KKQN/$file/CertegyAVC.pdf.

About the author: Dissent