The identity thieves who stole passwords to tap personal data from information broker LexisNexis hacked the records of more than 300,000...

Share story

The identity thieves who stole passwords to tap personal data from information broker LexisNexis hacked the records of more than 300,000 Americans, 10 times what the company first acknowledged, the company disclosed yesterday.

The announcement by London-based Reed Elsevier, which owns LexisNexis, indicates security problems in the industry are more widespread than first thought.

The company said it had uncovered 59 cases in which unauthorized persons “using IDs and passwords of legitimate customers” fraudulently acquired personal identifying data from its databases.

“This is the latest note in a steady stream of security breaches that are a chilling reminder of the importance of protecting our personal information in the digital age,” said Sen. Patrick Leahy, D-Vt., the ranking Democrat on the Senate Judiciary Committee.

Most Read Stories

Unlimited Digital Access. $1 for 4 weeks

Leahy said the incident showed there is not yet a solution to secure electronic personal information “across a variety of industries, including data brokers.”

The Judiciary Committee has called a number of officials to a meeting today to examine weaknesses in ensuring privacy of electronic data, including Federal Trade Commission Chairwoman Deborah Majoras and top FBI anti-crime officials.

Reed Elsevier’s director of corporate relations, Catherine May, emphasized LexisNexis’ infrastructure was not breached. “This is about misuse of legitimate passwords and means of access,” May said from London.

LexisNexis estimates that information on 310,000 U.S. individuals may have been accessed. When it first reported the thefts March 9, it said about one-third of the victims were California residents; it now puts the number of Californians at 64,145.

LexisNexis said it will notify all individuals involved and is offering free credit-bureau reports, credit monitoring for one year and fraud insurance. The company said it is cooperating with authorities in an investigation of “potentially fraudulent misuse” of the data by hackers.

Reed Elsevier said the stolen data do not include “personal credit histories, medical records or financial records on individuals.”

“The information concerned relates to names and addresses and other personal identifying information such as Social Security and driver’s license numbers,” Reed Elsevier said.

Another major data provider, ChoicePoint, was the victim of a mass infiltration by hackers this year. Several members of Congress have said they plan to introduce legislation calling for closer monitoring of information brokers by the Federal Trade Commission.

LexisNexis is investigating whether the fraud was carried out by people who posed as legitimate customers or whether they gained access fraudulently.

“We don’t know yet,” said Steve Edwards, director of LexisNexis corporate communications. “We know they used legitimate customer logins and passwords.”

LexisNexis customers with passwords include government agencies, law enforcement, banks and insurance companies, Edwards said.

Today, senators in Washington will also hear from ChoicePoint CEO Douglas Curling and LexisNexis President Kurt Sanford.

Leahy said the Judiciary Committee hopes to “examine how to ensure that security practices meet appropriate standards of care and that sufficient notice is given when breaches do occur, so we can prevent identity theft and other crimes and restore marketplace confidence.”