MSNBC - Another big data broker reports breach

MSNBC.com
Another big data broker reports breach
LexisNexis says records on 32,000 people accessed

The Associated Press
Updated: 1:22 p.m. ET March 9, 2005


NEW YORK - Using misappropriated passwords and identification from legitimate customers, intruders got access to personal information on as many as 32,000 U.S. citizens in a database owned by LexisNexis, the company's corporate parent said Wednesday.

Reed Elsevier Group PLC said the breach of its recently acquired Seisint unit was being investigated by staff and U.S. law enforcement authorities. LexisNexis is based in Dayton, Ohio.

Boca Raton, Fla.-based Seisint stores millions of personal records including individuals' addresses and Social Security numbers. Customers include police and legal professionals and public and private sector organizations.

Reed Elsevier bought Seisint — which provides data for Matrix, a crime and terrorism database project funded by the U.S. government that has raised concerns among civil liberties groups —for $775 million in August.

The breach at Seisint is the second of its kind at a large information provider in recent months.

Rival data broker ChoicePoint Inc. said last month that the personal information of 145,000 Americans may have been compromised in a breach in which thieves posing as small business customers gained access to its database.

In the ChoicePoint scam, at least 750 people were defrauded, authorities say. The case in the United States fueled consumer advocates' calls for federal oversight of the loosely regulated data-brokering business, and Capitol Hill hearings are due to be scheduled on the issue.

In the Seisint breach, information accessed included names, addresses, Social Security and driver license numbers, but not credit history, medical records or financial information, Reed Elsevier said in a statement.

The company will notify affected customers soon, said Kurt Sanford, president and chief executive of LexisNexis corporate and federal markets.

It will provide them with ongoing credit monitoring "and other support to ensure that any identity theft that may result from these incidents is quickly detected and addressed," he said.

The company also is enhancing ID and password administrative procedures and requirements, he said.

"The U.S. law enforcement agencies have asked us not to say too much as they are in the process of trying to track down the people who are responsible," said Catherine May, a Reed Elsevier spokeswoman in London.

The spokeswoman said the breach was discovered during internal checking procedures of customers' accounts.

The company played down the effect of the security breach on its profits, reaffirming its target of higher earnings and at least 5 percent growth in revenues excluding acquisitions.

Reed Elsevier specializes in the education, legal and science sectors, publishing more than 10,000 journals, books and compact discs, as well as almost 3,000 Web sites and portals. It also organizes 430 trade exhibitions.

Copyright 2005 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

URL: http://www.msnbc.msn.com/id/7139522/

[Charles Schumer: Call your Westlaw rep. to apologize now!]