Two million and three hundred thousand Fidelity customers saw their data illegally removed from the financial company’s databases and reused without permission in marketing campaigns.
With the support of the American secret services, the company discovered that the problem was not the result of any system failure or successful attack, but of the action of a system administrator with special access privileges to the databases. This technician diverted the information held by Certegy Check Services – a company that checks credit card data and checks for casinos – and sold it to marketing companies.
Among the information diverted were not only personal information from customers, but also credit card data and access to bank accounts of at least 99,000 customers.
Without damage to the affected users, the fraud remained undiscovered for some time until the first complaints of insistent contacts to sell products and services appeared.
American consumer rights organizations have already reacted, considering it unacceptable that companies in charge of managing such significant volumes of personal data have not implemented systems that prevent situations of this kind, namely recording all access to databases with critical information . The employee responsible for the fraud will answer for the crime.
2005-08-09 – Security company discovers mega identity theft scheme