- The Washington Times - Wednesday, March 9, 2005

NEW YORK (AP) — Intruders, using stolen passwords from legitimate customers, accessed personal information on as many as 32,000 U.S. citizens in a database owned by the information broker Lexis Nexis, the company said yesterday.

The announcement comes on the heels of a series of similar high-profile breaches, the most serious affecting another large data broker, ChoicePoint Inc., in which scores of identities were stolen.

The ChoicePoint case, as well as other data losses including one affecting about 1.2 million federal employees with Bank of America charge cards, have prompted an outcry for federal oversight of a loosely regulated commercial sector. In the data-brokering business, sensitive data about nearly every adult American are bought and sold.

The first in a series of Capitol Hill hearings is scheduled for today.

At Lexis Nexis, criminals found a way to compromise the log-ins and passwords of a handful of legitimate customers to get access to the database, said Kurt Sanford, the company’s chief executive officer.

The database that was breached, called Accurint, sells reports for $4.50 each that include a person’s Social Security number, past addresses, date of birth and voter registration information, including party affiliation.

No credit history, medical records or financial information were accessed in the breach, Lexis Nexis parent company Reed Elsevier Group PLC said.

The Accurint database is part of the Seisint unit, which Lexis Nexis bought in August. Mr. Sanford said a team examining Seisint’s data security routines in February noticed abnormal usage patterns and suspicious billing on some accounts.

He said the team told superiors, who notified law enforcement.

“What we’re doing now is trying to act as quickly and responsibly as possible to lend a helping hand to consumers who might have been adversely impacted by these incidents,” Mr. Sanford said.

He refused to name the law-enforcement agencies involved.

“That only has the potential to compromise the investigation,” he said. “We are trying to catch the bad guys here.”

The company said it will be notifying affected customers in the coming days.

It will provide them with ongoing credit monitoring “and other support to ensure that any identity theft that may result from these incidents is quickly detected and addressed,” the company said. Lexis Nexis said it was also tightening up password and log-in procedures.

Lexis Nexis paid $775 million for Boca Raton, Fla.-based Seisint, which also provides data for Matrix, a crime and terrorism database project funded by the U.S. government.

stores millions of personal records, including information on bankruptcies, corporate affiliation, driver’s licenses, neighbors and criminal records. Customers include police, lawyers and businesses.

Lexis Nexis paid $775 million for Seisint, which also provides data for Matrix, a crime and terrorism database project created in 2002 and funded by the U.S. government. Thirteen states originally participated but most later pulled out, citing citizen privacy and other concerns. Seisint was founded by a millionaire, Hank Asher, who stepped down from its board of directors last year after revelations of past ties to Bahamian drug smugglers.

LOAD COMMENTS ()

 

Click to Read More

Click to Hide