LexisNexis begins to notify victims
DAYTON, Ohio — LexisNexis said on Monday that it has begun notifying about 280,000 people whose personal information may have been accessed by unauthorized individuals using stolen passwords and IDs.
Last week, LexisNexis disclosed that criminals may have breached computer files containing the personal information of 310,000 people, a tenfold increase over a previous estimate of how much data was stolen.
The Dayton-based company, a subsidiary of London-based publisher Reed Elsevier Group PLC, had previously identified 32,000 potential victims and has notified them already.
The first batch of breaches was uncovered during a review and integration of the systems of Seisint Inc. shortly after LexisNexis bought the Boca Raton, Fla.-based unit for $775 million in August.
Seisint’s databases store millions of personal records including individuals’ addresses and Social Security numbers. Customers include police and legal professionals and public and private sector organizations.
LexisNexis provides subscribers with information by collecting and storing large databases of news articles, business information, laws, court cases and public records.
One purpose of the notification letters is to tell potential victims that LexisNexis will provide free services designed to protect them from possible fraud associated with identity theft. The services include credit bureau reports, credit monitoring for one year and fraud insurance.
“We regret that individuals may have been affected by these illegal intrusions, and we want to do what we can to help protect them from possible identity theft or resolve any fraud that might have occurred,” chief executive Kurt Sanford said.
Information accessed included names, addresses, Social Security and driver’s license numbers, but not credit history, medical records or financial information, the company said.
The company said the 59 identified instances of fraudulently obtained information — 57 at Seisint and two in other LexisNexis units — are largely related to the improper use of IDs and passwords belonging to legitimate customers. It stressed that neither LexisNexis nor the Seisint technology infrastructure was breached by hackers.