Using misappropriated passwords and identifications from legitimate customers, intruders got access to personal information on as many as 32,000 U.S. citizens.
NEW YORK — Using misappropriated passwords and identifications from legitimate customers, intruders got access to personal information on as many as 32,000 U.S. citizens in a database owned by Lexis-Nexis, the company’s corporate parent said today.
Reed Elsevier Group PLC said the breach of its recently acquired Seisint unit was being investigated by staff and by U.S. law enforcement authorities.
Boca Raton, Fla.-based Seisint stores millions of personal records, including individuals’ addresses and Social Security numbers. Customers include police and legal professionals and public and private sector organizations.
Reed Elsevier bought Seisint — which provides data for Matrix, a crime and terrorism database project funded by the U.S. government that has raised concerns among civil liberties groups — for $775 million in August.
The breach at Seisint is the second of its kind at a large information provider in recent months.
Rival data broker ChoicePoint Inc. said last month that the personal information of 145,000 Americans may have been compromised in a breach in which thieves posing as small business customers gained access to its database.
In the ChoicePoint scam, at least 750 people were defrauded, authorities say. The incident in the United States fueled consumer advocates’ calls for federal oversight of the loosely regulated data-brokering business, and Capitol Hill hearings are due to be scheduled on the issue.
In the Seisint breach, information accessed included names, addresses, Social Security and driver’s license numbers, but not credit history, medical records or financial information, Reed Elsevier said in a statement.
“We sincerely regret the circumstances that were recently announced,” said Kurt Sanford, president and chief executive officer of Lexis Nexis corporate and federal markets, in a statement.
The company will be notifying affected customers in the coming days, Sanford said. It will provide them with ongoing credit monitoring “and other support to ensure that any identity theft that may result from these incidents is quickly detected and addressed,” he said.
The company is also enhancing ID and password administrative procedures and requirements, he said.
“The U.S. law enforcement agencies have asked us not to say too much as they are in the process of trying to track down the people who are responsible,” said Catherine May, a Reed Elsevier spokeswoman in London.
The spokeswoman said the breach was discovered during internal checking procedures of customers’ accounts. Reed said it would contact all 32,000 people affected to offer them support in detecting identity theft, including credit monitoring.
The company played down the impact of the security breach on its profits, reaffirming its target of higher earnings and at least 5 percent growth in revenues excluding acquisitions.
Reed Elsevier specializes in the education, legal and science sectors, publishing more than 10,000 journals, books and compact discs, as well as almost 3,000 Web sites and portals. It also organizes 430 trade exhibitions.
Reed shares fell by more than 1 percent on the London Stock Exchange on Wednesday to $10.41.