NEW YORK — Using stolen passwords from legitimate customers, intruders accessed personal information on as many as 32,000 U.S. citizens in a database owned by the information broker LexisNexis, the company said.
The announcement Wednesday comes on the heels of a series of similar high-profile breaches, the most serious affecting another large data broker, ChoicePoint Inc. in which scores of identities were stolen.
The ChoicePoint case, as well as other data losses including one affecting some 1.2 million federal employees with Bank of America charge cards, have prompted an outcry for federal oversight of a loosely regulated commercial sector. In the data-brokering business, sensitive data about nearly every adult American is bought and sold.
The first in a series of Capitol Hill hearings are scheduled for today.
At LexisNexis, criminals found a way to compromise the logins and passwords of a handful of legitimate customers to get access to the database, said Kurt Sanford, the company’s chief executive, told The Associated Press.
The database that was breached, called Accurint, sells reports for $4.50 each that include an individual’s Social Security number, past addresses, date of birth and voter registration information, including party affiliation.
No credit history, medical records or financial information were accessed in the breach, LexisNexis parent company Reed Elsevier Group PLC said in a statement.
The Accurint database is part of the Seisint unit, which LexisNexis bought in August. Sanford said a team examining Seisint’s data security routines in February noticed abnormal usage patterns and suspicious billing on some accounts.
He said the team told superiors, who notified law enforcement. Both internal and external investigations continue, he said.
“What we’re doing now is trying to act as quickly and responsibly as possible to lend a helping hand to consumers who might have been adversely impacted by these incidents,” Sanford said.
Sanford refused to name the law enforcement agencies involved.
“That only has the potential to compromise the investigation,” he said. “We are trying to catch the bad guys here.”
The company will be notifying affected customers in the coming days, a company statement said.
It will provide them with ongoing credit monitoring “and other support to ensure that any identity theft that may result from these incidents is quickly detected and addressed,” it said. LexisNexis said it was also tightening up password and login procedures.
Boca Raton, Fla.-based Seisint stores millions of personal records, including information on bankruptcies, corporate affiliation, drivers licenses, neighbors and criminal records. Customers include police, lawyers and businesses.
LexisNexis paid $775 million for Seisint, which also provides data for Matrix, a crime and terrorism database project created in 2002 and funded by the U.S. government. Thirteen states originally participated but most later pulled out, citing citizen privacy and other concerns.
Local journalism is essential.
Give directly to The Spokesman-Review's Northwest Passages community forums series -- which helps to offset the costs of several reporter and editor positions at the newspaper -- by using the easy options below. Gifts processed in this system are not tax deductible, but are predominately used to help meet the local financial requirements needed to receive national matching-grant funds.
Subscribe now to get breaking news alerts in your email inbox
Get breaking news delivered to your inbox as it happens.