310,000 Exposed by LexisNexis Data Breach

Information publisher Reed Elsevier expanded today the
number of people it estimates were exposed to scammers on its LexisNexis
databases last month. They now say the number is likely 10 times more than
originally reported.

“The first figures were based only on our initial investigation,” Patrick Kerr, a spokesman for Reed Elsevier, told internetnews.com. Kerr said the company had expected the number to rise.

The investigation into the March heist revealed as many as 310,000 people
had personal information, including names, addresses and Social Security and
driver’s license numbers, exposed through the company’s legal and business
information service, LexisNexis.

The company said no credit history, medical records or financial
information was exposed.

Reed Elsevier said third
parties gained access
to IDs and passwords of paying customers of its
Seisint subsidiary to access LexisNexis’ records. The breach was discovered
during a routine review of the verification, authorization and security
procedures and policies for its businesses.

Kerr said the company had already notified the original 32,000 people
first identified about the breach, of which 2 percent, or approximately 600,
had taken it up on its offer to provide credit checks and monitoring to
ensure thieves weren’t using the information.

LexisNexis operates the services as part of its own U.S. Risk Management
business, and is used by law enforcement, homeland security, banks and other
businesses to reduce credit card and insurance fraud.

Kerr said the company would continue to tighten up security by
implementing significant improvements to customers’ password and ID
administration security processes. LexisNexis will continue its long-established support of effective federal and state data privacy policies and
practices.

To this point, nobody has claimed to be a victim of theft resulting from
the breach, according to Kerr. Elsevier has already begun the process of
notifying the 310,000 people whose information was compromised.

The scandal comes at a time when many institutions holding vital
statistics on individuals seems to be vulnerable. In February, credit-check
company ChoicePoint announced it had unwittingly handed over the information of 145,000 people to thieves, and several incidents on
university campuses last month exposed tens of thousands of records.

News Around the Web