Fidelity National Information (FNI) subsidiary Certegy Check Services has had a data breach as a result of an employee misappropriating data. This was not an outside attack by data thieves, but rather the unlawful act of an employee.

A Certegy employee, who worked on consumer databases, physically removed 2.3 million consumer data records to resell. The former employee sold consumer information to a data broker, who then sold it to a number of direct marketing companies. The employee has now been terminated and is facing charges.

Certegy approached the situation as a possible security breach, knowing only that consumer data was correlating with direct marketing. When their investigations, followed by an outside audit, did not turn up any security breach, the US Secret Service was called in to investigate the matter.

“As a result of this apparent theft, the consumers affected received marketing solicitations from the companies that bought the data,” said Renz Nichols, President of Certegy Check Services. “We have no reason to believe that the theft resulted in any subsequent fraudulent activity or financial damage to the consumer, and we are taking the necessary steps to see that any further use of the data stops.”

The data misappropriated included names, addresses and telephone numbers, along with (in some cases) bank information, for 2.3 million people. Investigations to date have not uncovered any fraudulent activity or identity theft as a result of the breach. Certegy will be notifying all 2.3 million customers to alert them to the breach and have alerted the credit reporting agencies of the incident.

Certegy has exposed one of the important areas of security policies - knowing who has access to what data. Although this employee had access to consumer data to do his job, it was not apparent that the data was being copied. Luckily for Certegy and for the 2.3 million customers, the data only went to direct marketing firms. It could have been much worse.

Via CNN Money ; Tags: certegy, data breach, employee betrayal, data misappropriation, database, consumer data, identity theft, fni