Ever hear of the company Certegy? Be frightened, very frightened.

[thewayne]

Certegy provides check processing services to a HUGE number of retail operations throughout the United States, possibly credit card processing internationally. Wal Mart? Best Buy? Certegy customers.

They weren't hacked, they were robbed. A database administrator, which is what I do for a living, stole banking and credit card information from 2.3 million accounts, and SOLD THEM TO MARKETERS. It has since been found that a large number of people are experience a variety of problems ranging from identity theft to having their accounts plundered. Class action law suits are being formed even as we speak.

http://www.networkworld.com/news/2007/070307-fidelity-national-records.html

I'm not personally concerned because of my current checking account, one has never been used at Best Buy or Walmart, one was opened in April which is after the data theft, and the other is being closed. But PLEASE order copies of your credit ratings and keep a VERY close eye on your bank statements! The article says that Certegy is "implementing a fraud watch associated with the stolen records, has also notified credit-reporting agencies TransUnion, Equifax and Experian of the incident, in addition to notifying Visa and MasterCard.", but based on feedback to the article, people are having to get the credit monitoring in place themselves and lots of banks, including Wells Fargo IIRC, do not know this is going on.

Here's one reply to the article, there's something like 45 of them:
"I decdided to call them to see if I was included in their database, and if so how I could remove myself. The person I talked to said that she needed by Driver's license number, my routing number, and my account number to even tell if I was in the Database. But she added that if I had ever written a check or used my debit card at Wal Mart, Bestbuy or 374,998 other businesses in the US, then I was definately in their database. I asked how to remove myself from the database, and she replied stop writing checks or using my debit card. I then asked that since I was probably already in their database, how can I get the information removed? She said I cannot, it is Certegy property.


I'll be talking about preventing something like this from a technical side on my other blog.

Comments

[thedragonweaver.livejournal.com]

Last year Evil Rob's card was replaced by our credit union because it *might* have been compromised. In other words, they took information that a particular retail group had its data compromised, ran a check on their accounts to see who had dealt with them, and automatically issued a new card and password information to those accounts.

That is how it should be done, and that is why we use a credit union instead of banks.

[thewayne.livejournal.com]

That is a rare and precious thing. I'd say that CU is a keeper.

[thedragonweaver.livejournal.com]

Actually, come to think of it, they did the same thing to me. I actually forgot because it was so low-key.

Certegized!!!

[eppylover.livejournal.com]

Ahhh. So it's the Best Buy card that done dee did it. (We avoid Walmart.) Yeah, I got one of those letters from Certegy. You got one, also, huh. It says that there is no evidence that my particular account was affected.

I left a note on the Girard Gibbs site, just for good measure.

So now I'm gonna see if I can email Equifax, Experian or TransUnion to see if I can place a fraud alert, and then get my credit reports from all three. The Certegy letter to me indicates that's MY responsibility; it didn't say they were gonna do it for me. Wankers.

Hmmm. I wonder which one is most all-around efficient to place the fraud alert with (since they claim to share fraud alerts with each other) ~ or if it even matters.

Is there any way of knowing which of my other cards may have used the Certegy service?

_____________
p.s. We HAVE been getting five times more phone calls from several anonymous marketers since July. They all go to the answering-machine graveyard and I've been posting the numbers on the various phonewanker websites ~ without leaving my own phone number or any other personally-identifiable info, of course.

Re: Certegized!!!

[thewayne.livejournal.com]

Go to the https://www.donotcall.gov/default.aspx site and re-register your phone numbers, it is overall respected.

As far as I know, there's no way of telling which cards are registered by Certegy. According to one reply that I read, they wanted all sorts of identifying information from a guy who wanted to know if he was in their system, including bank account and routing info. There's no way that I would voluntarily give that info to them.

As far as placing fraud alerts, don't trust them to replicate information. Do it on all three individually. Their information is so inaccurate that they should not be trusted to do anything correctly.

Actually, I didn't get a letter from Certegy, but I also have a tendency to throw away mail from organizations that I do not recognize, so maybe I did get it and tossed it because I didn't recognize it.

re-register your phone numbers

[eppylover.livejournal.com]

Oh yeah, I already did that, and the gov't site told me that I was still registered from last time.

Some of the comments on those telemarketing reporting sites say that there are plenty of rogue marketers who disregard the "do not call" list... seems like they make enough $ by cheating people to more than make up for the few people who keep tabs & documentation and sue them and/or get fined.

About a lot of these calls, people have commented that there are a lot of so-called "research" companies who call and ask you a bunch of questions, dropping a certain brand name over and over and making "special offers" under the pretense of "polling" you. Evidentally these marketers are taking advantage of a loophole, because the law allows "research organizations" to poll via phone. And I'm sure they're finding a few suckers here and there to promote or sell them something.

Okay, yeah, you're right about the fraud alerts. Since I've gotta order reports from all three anyway, I might as well do the fraud thing with all three, too.

...oop, that's right, duh, I did read that reply about when that guy called for info and the company wanted all that private info. That's just not kosher! Michigan's own Carl Levin would be a good one to get on their asses to make this type of info totally public (or at least available by phone or email to ANYONE).

I wonder if that's one of the things Girard Gibbs is gonna do.

I'm scanning my copy of that Certegy letter, and when I get it uploaded I'll put it in a comment to you here.

Certegy letter

[eppylover.livejournal.com]

Click on 'em for readable size scans.

Request

[eppylover.livejournal.com]

_____________
p.p.s. ~
May I post a link on my LJ to this post of yours,
for the edification of mine own flisters?

Re: Request

[thewayne.livejournal.com]

Absetutely! Go right ahead, it's affecting people all over the country.

Re: Request

[eppylover.livejournal.com]

As two-year-old daughter Stephy told her aunt Nancy when she wouldn't buy her a toy during a shopping trip:

"Sanks a yot!" ;D

[thewayne.livejournal.com]

What I should be doing is alternating my wife and I: get mine in January, May, September, get Russet's in March, July, November. If something appears wonky on one of our's, there's a good chance they could be after both of us, so we can order both.