Fidelity National Information Services Announces Misappropriation of Consumer Data by Employee of Certegy Check Services Division

Jul 03, 2007, 01:00 ET from Fidelity National Information Services, Inc.

    JACKSONVILLE, Fla., July 3 /PRNewswire-FirstCall/ -- Fidelity National
 Information Services, Inc. (NYSE:   FIS), announced today that its
 subsidiary, Certegy Check Services, Inc. ("Certegy"), a service provider to
 U.S. retail merchants, based in St. Petersburg, Florida, was victimized by
 a former employee who misappropriated and sold consumer information to a
 data broker who in turn sold a subset of that data to a limited number of
 direct marketing organizations. The incident does not involve any outside
 intrusion into, or compromise of, Certegy's technology systems.
     "As a result of this apparent theft, the consumers affected received
 marketing solicitations from the companies that bought the data," said Renz
 Nichols, President of Certegy Check Services. "We have no reason to believe
 that the theft resulted in any subsequent fraudulent activity or financial
 damage to the consumer, and we are taking the necessary steps to see that
 any further use of the data stops."
     Certegy maintains bank account information in connection with its check
 authorization business that helps merchants to decide whether to accept
 checks as payment for goods and services. In addition, Certegy maintains
 check and credit card information in connection with its gaming operations
 that are designed to assist casinos in providing their customers with
 access to funds.
     This theft came to light when one of Certegy's retail check processing
 customers alerted Certegy to a correlation between a small number of check
 transactions and the receipt by the retailer's customers of direct
 telephone solicitations and mailed marketing materials. Certegy launched an
 immediate investigation and was unable to detect any breach of its security
 systems and, thereafter, engaged a forensic investigator to validate its
 findings. Unable to detect any compromise in its firewalls and other system
 security measures, Certegy requested that the U.S. Secret Service contact
 the marketing companies in question to trace the source of the data. The
 Secret Service was able to identify the company supplying the information
 and, with further assistance from Certegy, determined that the company was
 owned and operated by a Certegy employee. The employee was a senior level
 database administrator who was entrusted with defining and enforcing data
 access rights. To avoid detection, the technician removed the information
 from Certegy's facility via physical processes; not electronic
     Employee Betrayal
     Although the employee was authorized to access the consumer information
 in order to perform his job responsibilities, the removal and unlawful use
 of that information were, obviously, outside the scope of his employment
 and Certegy's knowledge. This unlawful transfer of company information
 violated the individual's confidentiality commitment to Certegy and is a
 severe breach of fiduciary duty. As a result, the employee was terminated.
 Certegy is taking appropriate steps to hold the dismissed employee
 responsible for his actions.
     No Evidence of Fraud
     The misappropriated information included names, addresses, and
 telephone numbers as well as, in many cases, dates of birth and bank
 account or credit card information. Approximately 2.3 million records are
 believed to be at issue, with approximately 2.2 million containing bank
 account information and 99,000 containing credit card information. The
 company is still investigating the time period over which the
 misappropriations occurred.
     While Certegy's investigation continues, it has seen no evidence that
 bank account or credit card information was used for anything other than
 marketing purposes, and is unaware of any instance of identity theft or
 fraudulent financial activity. Most importantly, Certegy is doing
 everything possible to ensure that any inconvenience experienced by
 consumers is minimized.
     Immediate Action
     Certegy is committed to a disciplined action plan designed to minimize
 the impact of the misappropriated consumer information, particularly to
      - Certegy has filed a civil complaint in St. Petersburg, Florida against
        the former employee and the marketing companies believed to have
        received the misappropriated data seeking retrieval of all consumer
        information as well as an injunction against any use.
      - Certegy has contacted the applicable marketing companies in order to
        obtain the return of all consumer information.
      - Certegy proactively engaged law enforcement and is encouraging
        immediate prosecution.
      - Certegy is in the process of making any required notifications to
        governing state regulatory agencies.
      - Certegy has alerted the nation's three major credit reporting agencies,
        TransUnion, Equifax and Experian.
      - Certegy has notified Visa and MasterCard of the incident.
      - Certegy is establishing a procedure for financial institutions to
        obtain information about their customers' accounts so that they can
        place them on an active fraud watch.
      - Certegy will be personally notifying all affected consumers of this
        misappropriation, and establishing a toll-free hotline to answer
        consumer questions.
      - Certegy has implemented a fraud watch on its internal systems for those
        checking accounts that are implicated.
      - Certegy continually reviews its security policies, and is taking steps
        to help prevent future incidents.
      - Certegy continues to confirm that there was no financial or identity
        theft caused by this incident; only the improper use of information for
        telemarketing and mail solicitations.
     Based on the investigation to date, Certegy does not expect that the
 costs to implement this action plan will materially impact financial
     Certegy will host a news conference via telephone (800) 289-0544 at
 9:30 am
     ET, Tuesday, July 3, 2007.
     Certegy is a conscientious company that takes its responsibility to
 protect and preserve consumer information very seriously. It carefully
 selects and screens employee candidates, monitors and supervises employees,
 and maintains a whistleblower hotline for employees to report fraudulent or
 criminal activity. Certegy also encourages its employees to report any
 improper behavior they witness. We regret this unfortunate incident
 happened despite all of these efforts. Resolving this matter and
 implementing additional safeguards is the company's highest priority.
     "I am extremely proud of the employees and law enforcement officials
 who are working diligently to uncover the facts in this incident. On behalf
 of Fidelity National Information Services and our Certegy subsidiary, I
 want to express my deep sadness and heartfelt apology over this incident,"
 said Lee A. Kennedy, President and Chief Executive Officer, Fidelity
 National Information Services. "We will do everything possible to ensure no
 consumer is harmed because of this horrible betrayal."
     Forward Looking Statements
     This press release contains forward-looking statements that involve a
 number of risks and uncertainties. Statements that are not historical
 facts, including statements about our beliefs and expectations, are
 forward-looking statements. Forward-looking statements are based on
 management's beliefs, as well as assumptions made by, and information
 currently available to, management. Because such statements are based on
 expectations and are not statements of fact, actual events and results may
 differ materially from those projected. We undertake no obligation to
 update any forward-looking statements, whether as a result of new
 information, future events or otherwise. The risks and uncertainties which
 forward-looking statements are subject to include, but are not limited to,
 the possibility that additional facts are discovered in our continuing
 investigation and the reactions of consumers, regulators and others to the
 events described above.

SOURCE Fidelity National Information Services, Inc.