Nova Information Systems Denies Charges of Database Security Violations

A former database administrator for NOVA Information Systems has charged that the company has routinely neglected data security on databases that contains billions of credit card numbers and millions of business owners' social security numbers and other sensitive information. These charges were listed in a DOL corporate fraud whistleblower complaint filed in April (OALJ Case No. 2005SOX00107). NOVA Information Systems is the 3rd largest credit card processor in the US, with a large operations center in Knoxville, Tennessee. NOVA is a fully owned subsidiary of US Bancorp (USB).

(PRWEB) October 31, 2005 -- A former database administrator for NOVA Information Systems has charged that the company has routinely neglected data security on databases that contains billions of credit card numbers and millions of business owners' social security numbers and other sensitive information. These charges were listed in a DOL corporate fraud whistleblower complaint filed in April (OALJ Case No. 2005SOX00107). NOVA Information Systems is the 3rd largest credit card processor in the US, with a large operations center in Knoxville, Tennessee. NOVA is a fully owned subsidiary of US Bancorp (USB).

The complaint alleges that NOVA management retaliated against Walton for reporting her concerns about data-security violations. NOVA is required to adhere to strict data security regulations under both federal law and audit standards of VISA Intl.

Walton stated that the retaliation began shortly after a June 2004 meeting with NOVA's Executive Vice President Erik Toivenen in which she outlined concerns about NOVA's lack of adherence to mandated database security procedures. Walton said the retaliation caused extreme stress that forced her to take disability leave in March 2005.

According to the Washington, DC newsletter, Privacy Times, NOVA representatives vehemently denied the both the discrimination and security violation charges (Privacy Times, Volume 25, Number 20 October 25,2005).

NOVA is a direct competitor of Cardsystems, Inc., which was involved in a highly publicized security breach earlier in the year. As many as 40 million credit card accounts were compromised during the breach, initiating federal and industry investigations as well as a Congressional hearing in July.

Walton originally filed the complaint with the Occupational Safety and Health Administration (OSHA), which has jurisdiction over the initial investigation of whistleblower complaints filed under the Sarbanes-Oxley Act of 2002. OSHA dismissed the case in August finding that Walton did not qualify as a whistleblower under Sarbanes-Oxley. Walton has appealed OSHA's decision to the Labor Department's Office of Administrative Law Judges. Walton's complaint seeks reinstatement and $1 million in damages.

###