Certegy Settles in Florida Data Breach Incident


Certegy Check Services this week signed off on a settlement agreement with the Florida Attorney General's office that calls for the St. Petersburg, Fla.-based financial services firm to dramatically upgrade its data security technology and processes after more than 5.9 million customer files were exposed in a massive data breach incident in 2007.

Certegy, a subsidiary of Fidelity National Information Services, allegedly failed to provide adequate data for consumer records that were stolen by a former employee who then tried to sell the personal information to data brokers and marketers.

The former employee, William Gary Sullivan, is currently serving a 57-month sentence in federal prison for fraud.

As part of its settlement in a class action suit filed in U.S. District Court in Tampa, Certegy agreed to provide either one year of free credit monitoring services or two years of bank account monitoring services.

Under terms of this latest deal with the Florida AG, Certegy will pay $850,000 to cover the state's investigative costs and attorneys fees. It will also make a $125,000 contribution to Florida Attorney General Bill McCollum's "Seniors vs. Crime" program, which strives to provide educational, investigative and crime prevention programs for senior citizens.

Also, Certegy will maintain a comprehensive "information security program" that assesses internal and external risks to consumers' personal information, implements safeguards to protect that information and regularly monitors and tests the effectiveness of those safeguards.

The settlement also requires Certegy and its related entities to comply with the Payment Card Industry (PCI) recommended security standards.

The investigation and settlement was orchestrated by the Attorney General's economic crime division.

Larry Barrett is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.