LexisNexis profiles theft worse than reported

Filed under
Security

Up to 10 times as many people as originally thought may have had their profiles stolen from a LexisNexis database in the United States, publisher and data broker Reed Elsevier Group PLC said today.

The company reported last month that criminals may have accessed personal details of 32,000 people via a breach of LexisNexis' recently acquired Seisint unit. It now says that figure is closer to 310,000 people.

Reed said it had identified 59 incidents since January 2003 in which unauthorized persons, predominantly using IDs and passwords of legitimate Seisint customers, may have fraudulently acquired personal identifying information on those thousands of people.
Information accessed included names, addresses, Social Security and driver license numbers, but not credit history, medical records or financial information, the company said.

Reed spokesman Patrick Kerr said the company uncovered the first batch of breaches during a review and integration of Seisint's systems shortly after it purchased the Boca Raton, Florida-based unit for $775 million in August.
"That's when this situation started becoming obvious," Kerr said.

Seisint, which provides data for Matrix, a crime and terrorism database project funded by the U.S. government that has raised concerns among civil liberties groups — stores millions of personal records including individuals' addresses and Social Security numbers. Customers include police and legal professionals and public and private sector organizations.

The company said the 59 identified incidents — 57 at Seisint and two in other LexisNexis units — largely related to the misappropriation by third parties of IDs and passwords of legitimate customers and stressed that neither LexisNexis nor the Seisint technology infrastructure was breached by hackers.

Full Story.