Certegy offers to settle lawsuit stemming from theft of data on 8.5M consumers

March 14, 2008 (Computerworld) In a move designed to avoid the time and costs associated with a protracted legal battle, Certegy Check Services Inc. has offered to settle a class-action lawsuit filed on behalf of 8.5 million people whose personal data was compromised by an insider theft that the company disclosed last July.

The 52-page settlement was proposed by St. Petersburg, Fla.-based Certegy on Jan. 9 but just came to light this week. It currently is under review by a U.S. District Court judge in Tampa.

Certegy, a check-processing company that is a subsidiary of Fidelity National Information Services Inc., said last summer that a rogue database administrator had illegally accessed and then sold the personal data of about 2.3 million consumers to data brokers. The company later upped the number of compromised accounts to 8.5 million in filings made to the U.S. Securities and Exchange Commission in August.

If accepted, Certegy's proposed settlement would give qualifying members of the plaintiffs class one year's worth of free credit monitoring services and $10,000 worth of identity theft insurance coverage, except for residents of New York, where the third-party credit monitoring firm being used by Certegy doesn't offer the insurance coverage. The settlement would also provide up to two year's worth of free bank account monitoring services for individuals whose banking information may have been compromised in the incident.

In addition, consumers who can show that they were victimized by identity theft as a result of the breach will be eligible for certain "out-of-pocket" costs, such as those resulting from bank overdraft fees, according to a copy of the settlement sent to Computerworld by Certegy.

But there are several caveats to that particular offer. For instance, Certegy has capped the total amount of money it will pay for identity theft claims to $4 million, which will be disbursed on a first-come, first-served basis. Claims have to be filed within 90 days of the discovery of an identity theft incident or before March 31, 2011 — whichever comes first. And the maximum amount that an individual can recover is $20,000.

Even then, people who sign up for a credit monitoring service with insurance coverage, such as the one offered by Certegy, will need to exhaust their coverage limits before they can file an identity theft claim with Certegy. And anyone who has declined such coverage will be eligible only for a maximum payment of $10,000 for any costs related to identity theft.

Certegy said that as part of the settlement, it also is willing to set aside up to $1 million to reimburse consumers for expenses they might have incurred thus far as a result of the breach. For instance, people who can show reasonable proof will be reimbursed up to $15 per month to a maximum of $180 for any credit monitoring services they have paid for, the company said. They also can claim up to $40 for the cost of opening up new checking accounts. Here again, though, the reimbursements will be available only on a first-come, first-served basis.