Wednesday, April 13, 2005

LexisNexis theft much worse than thought

MSNBC.com

LexisNexis theft much worse than thought
Data broker: Up to 10 times as many affected
The Associated Press
Updated: 12:11 p.m. ET April 12, 2005

LONDON - Publisher and data broker Reed Elsevier Group PLC said Tuesday that up to 10 times as many people as originally thought may have had their profiles stolen from one of its U.S. databases.

The company reported last month that intruders may have accessed personal details of 32,000 people via a breach of its legal and business information service LexisNexis’ recently acquired Seisint unit. It now says that figure is closer to 310,000 people.

The breach, discovered during internal checking procedures of customers’ accounts, is being investigated by U.S. law enforcement authorities.

Information accessed included names, addresses, Social Security and driver license numbers, but not credit history, medical records or financial information, the Anglo-Dutch group said in a statement to the London Stock Exchange.

“LexisNexis is notifying all these individuals and is offering free support services, including credit bureau reports, credit monitoring for one year and fraud insurance, to monitor and protect them from possible fraud associated with identity theft,” the company said.

Boca Raton, Fla.-based Seisint stores millions of personal records. Customers include police and legal professionals and public and private sector organizations.

Reed Elsevier bought Seisint — which provides data for Matrix, a crime and terrorism database project funded by the U.S. government that has raised concerns among civil liberties groups — for $775 million in August.

Reed Elsevier said only 2 percent of the 32,000 people it notified about the possible theft of their personal information in March have contacted LexisNexis to accept its offer of free credit reports and credit monitoring, and none has so far advised LexisNexis that they have experienced any form of identity theft.

The company said the incidents “predominantly relate to misappropriation by third parties of IDs and passwords from legitimate customers of Seisint” and stressed that neither LexisNexis nor the Seisint technology infrastructure was breached by hackers.

The company played down the impact of the security breach on its profits, reaffirming its target of higher earnings and at least 5 percent growth in revenues excluding acquisitions.

The breach at Seisint is the second of its kind at a major information provider in recent months. Rival data broker ChoicePoint Inc. announced last month that the personal information of 145,000 Americans may have been compromised in a breach in which people posing as small business customers gained access to its database.

In the ChoicePoint situation, at least 750 people were defrauded, authorities say. The incident in the United States fueled consumer advocates’ calls for federal oversight of the loosely regulated data-brokering business, and Capitol Hill hearings are being held on the issue.

Reed Elsevier specializes in the education, legal and science sectors, publishing more than 10,000 journals, books and compact discs, as well as almost 3,000 Web sites and portals. It also organizes 430 trade exhibitions.