Stolen passwords breach Lexis Nexis

• Article
• Comments ()
• Click-2-Listen
• Videos

By

NEW YORK (AP) -- Intruders, using stolen passwords from legitimate customers, accessed personal information on as many as 32,000 U.S. citizens in a database owned by the information broker Lexis Nexis, the company said yesterday.

The announcement comes on the heels of a series of similar high-profile breaches, the most serious affecting another large data broker, ChoicePoint Inc., in which scores of identities were stolen.

The ChoicePoint case, as well as other data losses including one affecting about 1.2 million federal employees with Bank of America charge cards, have prompted an outcry for federal oversight of a loosely regulated commercial sector. In the data-brokering business, sensitive data about nearly every adult American are bought and sold.

The first in a series of Capitol Hill hearings is scheduled for today.

At Lexis Nexis, criminals found a way to compromise the log-ins and passwords of a handful of legitimate customers to get access to the database, said Kurt Sanford, the company's chief executive officer.

The database that was breached, called Accurint, sells reports for $4.50 each that include a person's Social Security number, past addresses, date of birth and voter registration information, including party affiliation.

No credit history, medical records or financial information were accessed in the breach, Lexis Nexis parent company Reed Elsevier Group PLC said.

The Accurint database is part of the Seisint unit, which Lexis Nexis bought in August. Mr. Sanford said a team examining Seisint's data security routines in February noticed abnormal usage patterns and suspicious billing on some accounts.

He said the team told superiors, who notified law enforcement.

"What we're doing now is trying to act as quickly and responsibly as possible to lend a helping hand to consumers who might have been adversely impacted by these incidents," Mr. Sanford said.