Data Under Siege
ID Thieves Breach LexisNexis, Obtain Information on 32,000

By Jonathan Krim and Robert O'Harrow Jr.
Washington Post Staff Writers
Thursday, March 10, 2005; Page E01


Identity thieves have penetrated another company that collects and sells personal information on millions of U.S. consumers, the latest in a series of breaches that is throwing a spotlight on the practices and safeguards of a booming data-collection industry.

LexisNexis, a worldwide provider of legal and business data, announced yesterday that information about 32,000 consumers was fraudulently gathered in a series of incidents. The data include names, addresses, Social Security and driver's license numbers.


The breaches occurred at the company's recently acquired Seisint Inc. subsidiary, a Florida firm that sells data amassed from extensive public records searches to law enforcement agencies, businesses, private investigators and others.

Kurt Sanford, president and chief executive of the LexisNexis corporate and federal markets unit, said company investigators discovered that fraud artists had assumed the identities and used the passwords of legitimate customers to download the customer data.

"LexisNexis very much regrets this and will be notifying all the individuals concerned and providing them with ongoing credit monitoring and practical support to ensure that any identity theft is quickly detected and addressed," the company said in a press release.

The breaches occurred in January, and the company is continuing to investigate, working with the Secret Service.

The announcement comes just weeks after a LexisNexis competitor, ChoicePoint Inc., revealed an even larger security lapse that enabled fraud artists posing as legitimate businessmen in Los Angeles to access personal information about at least 145,000 people around the country.

Investigators are exploring whether the suspect in that case also compromised LexisNexis and other information services.

The ChoicePoint disclosure last month was followed by revelations that Bank of America Corp. had lost computer tapes containing financial data on 1.2 million federal workers, including U.S. senators.

Then late Tuesday, shoe retailer DSW Inc. revealed that credit card numbers of people who shopped at 103 of its 175 stores had been obtained by hackers.

Data Under Siege

The company is not saying how many consumers might be affected, but is recommending that shoppers at any DSW store monitor their credit card activity closely. The company has several stores in the Washington area.

The breaches have spurred plans for several hearings on Capitol Hill that begin today. The relatively obscure information-broker business will get particular scrutiny, with its major companies maintaining and selling names, Social Security numbers, driver's license information, credit card data and other records on virtually every U.S. adult.

Seisint alone claims to have 20 billion records in its system.

"This is the latest window on security weaknesses that jeopardize the personal information that data brokers hold . . . and the view is a chilling one," said Sen. Patrick J. Leahy (D-Vt.), the top Democrat on the Senate Judiciary Committee. "Data brokers are also increasingly partners with the government in important law enforcement and homeland security efforts, and their performance in protecting data is one of the important criteria in evaluating those relationships."

Sen. Arlen Specter (R-Pa.), who heads the Judiciary Committee, said the breaches are "becoming an epidemic. It's very serious. Privacy is one of our most prized values."

Sanford, the LexisNexis executive, said the breach at his firm was discovered in January by a team of LexisNexis employees examining the security and authentication procedures used by Seisint.

The team was trying to figure out how to "sync everything up" between the LexisNexis and Seisint computer systems, Sanford said.

LexisNexis Group acquired Seisint last summer for $775 million in cash. At the time, Seisint was best known as the company behind a counter-terrorism supercomputer called the Matrix, which enabled law enforcement and intelligence authorities to blend investigative files with billions of public records.

In buying Seisint last summer, LexisNexis aimed to compete more aggressively with ChoicePoint for lucrative homeland security and law enforcement contracts. Seisint's main product is Accurint, a service that markets the possibility of giving police, private investigators, lawyers and others access into every corner of society.

"Instantly FIND people, their assets, their relatives, their associates, and more," the company's marketing material said. "Search the entire country for less than the cost of a phone call -- a quarter."




http://www.washingtonpost.com/wp-dy...2-2005Mar9.html