Tuesday, April 12, 2005

Incident: LexisNexis Data on 310,000 more people compromised

Hot off the wires....

Apparently internal investigations by LexisNexis related to the original security breach announced in March has revealed that 310,000 more people are affected than originally stated:

Yahoo! News - LexisNexis Data on 310,000 People Feared Stolen:

"NEW YORK/AMSTERDAM (Reuters) - Data broker LexisNexis said Tuesday that personal information may have been stolen on 310,000 U.S. citizens, or nearly 10 times the number found in a data breach announced last month.

An investigation by the firm's Anglo-Dutch parent Reed Elsevier determined that its databases had been fraudulently breached 59 times using stolen passwords, leading to the possible theft of personal information such as addresses and Social Security numbers.

LexisNexis, which said in March that 32,000 people had been potentially affected by the breaches, will notify an additional 278,000 individuals whose data may have been stolen.

Of the initial group contacted, only 2 percent asked the company to conduct an investigation of their credit records. LexisNexis has found no cases of identity theft, such as using a stolen Social Security number to apply for a credit card.

'We need to write to them and offer the same kind of support and investigation we offered the original 32,000,' a Reed Elsevier spokeswoman said.

'Of the original group, it's somewhat encouraging that none of them has suffered identity theft.'

Law enforcement authorities are assisting the company's investigations, which coincide with a rash of similar break-ins at other companies handling consumer data...."

For information on the original breach, see PIPEDA and Canadian Privacy Law: Incident: Personal information of 32,000 stolen from LexisNexis.

More coverage and update:

No comments: