March 10, 2005 - (HOSTSEARCH.COM) – In the latest stolen identity incident following the Bank of America theft of backup tapes containing over 1 million federal employees personal information records and ChoicePoint’s selling of 500,000 records to fraudulent criminal front companies hackers have now compromised databases belonging to LexisNexis and stolen information on at least 32,000 people, according to a statement issued today by LexisNexis's parent company, Reed Elsevier.
Names, Social Security numbers, addresses, passwords and drivers license numbers of legitimate customers of the company's Seisint division were stolen. Seisint collects data on individuals that law enforcement agencies and private companies use for debt recovery, fraud detection, and other services.
LexisNexis identified the incidents in a review of security procedures and warned that there may be more incidents of data theft, Reed Elsevier said.
Seisint made news in recent years as the data source behind the Multistate Anti-Terrorism Information Exchange (MATRIX) system, a program to bring together criminal and public records from participating U.S. states.
Despite the security breach, Kurt Sanford, the company's chief executive, defended LexisNexis's business. “The company provides important products for fraud detection and identity authentication that are used by officials in law enforcement and homeland security, as well as by the private sector. The information is used to "safeguard citizens, find missing children, and reduce consumers' financial losses," Sanford said.
Since disclosing the security breach, ChoicePoint has been the subject of a U.S. Federal Trade Commission inquiry into its compliance with federal information security laws, a U.S. Securities and Exchange Commission (SEC) investigation into possible insider stock trading violations by its CEO, and lawsuits alleging violations of both the federal Fair Credit Reporting Act (FCRA) and California state law. ChoicePoint disclosed the inquiries in a filing to the SEC on March 4.
The irresponsible way in which these companies have failed to protect vital personal information which they collect and sell is shamefully highlighted by these pharming attacks which have led to more than 750 cases of identity fraud in the ChoicePoint scandal alone. If a company is going to collect such data than they should be held absolutely responsible for losing it or selling it to criminals in the same way a bank must be responsible for protecting their client’s money.
