LexisNexis security breach endangers 310,000 customers
By Steve Malone
Posted on 13 Apr 2005 at 11:15
LexisNexis, an online legal division of the Anglo-Dutch company Reed Elsevier, has admitted that a security flaw in its legal brokering unit meant that the personal details of up to 310,000 customers in the US were at risk.
The breach occurred through a LexisNexis subsidiary known as Seisnet, a data brokering company that compiles information from federal records and probably holds information most US citizens. The personal details held include information such as Social Security numbers (SSN) and driver's licence information.
LexisNexis admitted that it has so far discovered 59 separate instance where unauthorised users 'may have fraudulently acquired personal identifying information,' through Seisint.
The company says that the breaches followed the theft of login details such as IDs and passwords from legitimate Seisint customers who had permission to access Social Security and driving licence numbers to allow them to confirm identities, ironically designed to prevent and detect fraud.
The situation is far worse than previously admitted. Until now, only 30,000 customers have been contacted to say that their personal details were at risk. Now, it seems another 280,000 persons may have had their data stolen. The company is offering these individuals free credit monitoring facilities to help them watch for unauthorised withdrawals.
' We are taking action to notify individuals where we found some indication that they might have some risk of identity theft or fraud, even if that risk did not appear to be significant,' said Kurt Sanford the CEO for Corporate and Federal Markets at LexisNexis.
An embarrassed LexisNexis and Seisint say they are changing their procedures to improve the protection of customers' passwords and IDs. LexisNexis will limit access to the SSNs by extending its more restrictive policies to the Seisint business. The new policies include truncating SSNs displayed in non-public documents and narrowing access to full SSNs and driver licence numbers to trusted agencies such as law enforcement, banks and insurance companies.
LexisNexis says it has alerted law enforcement agencies and is helping with investigations.
From around the web
advertisement
- Laptop bag reviews: nine tested
- Sony VAIO T Series Ultrabook review: first look
- Revealed: the military standards and robots HP uses to test its laptops
- Windows 8: multi-monitors and double standards?
- Why is TalkTalk's year-old porn filter suddenly big news?
- Why are laptop screens so far behind mobiles?
- HP EliteBook Folio review: first look
- The shoebox-sized all-in-one printer
- Forget the Ultrabook: here comes the HP Sleekbook
- HP Spectre XT review: first look
- Why you have to be left in the dark on OS patches
- Publishing your email address isn't a security disaster
- Why antivirus is fighting a losing battle in your office
- Four year olds used to steal their parents' data
- An acceptable use policy for your kids
- Paying for your crimes with Bitcoin
- Pavement hacking: What it is and how to avoid it
- Google's risky pre-loaded pages
- Mac under attack: how secure is Apple's OS?
- Has your browser been hijacked?
advertisement
