A former database administrator at Fidelity National Information Services has pleaded guilty to stealing 8.4 million customer records from its Certegy unit and selling it on to data brokers.
William Sullivan, 54, of Largo, pleaded guilty to conspiracy and fraud in connection with computers in a federal court in Tampa, Florida.
Sullivan was a senior level database administrator who was responsible for enforcing data access rights at Certegy. It is thought he removed the data from the Certegy facility using "physical processes" - not electronic transmission - in order to avoid detection.
A statement released by US Attorney Robert O'Neill details a plea agreement made by Sullivan which states that between the beginning of 2002 and June 2007, he conspired with an un-indicted individual to exceed his authorised access to the Fidelty databases and misappropriate consumer information.
The stolen data - which included names, addresses, bank account information and credit and debit card details - was sold on by Sullivan's co-conspirator to others, including direct marketers.
"Sullivan was paid by the co-conspirator via business cheques totalling more than $580,000 over the course of the conspiracy for the fraudulently obtained data," says the statement.
Following his guilty plea Sullivan faces a maximum penalty of 10 years' imprisonment and a $500,000 fine.
In August San Francisco law firm Girard Gibbs filed a class action lawsuit against Fidelity on behalf of customers whose financial and personal data was stolen and handed over to third parties.
The complaint alleges that Certegy and Fidelity failed to implement and maintain adequate security measures to protect confidential financial and personal data, which subjected consumers to risk of ID fraud.