For the second time in less than a month, Americans are finding out that their private information may be in the hands of identity thieves.
Publisher and information broker Reed Elsevier announced today that criminals using a stolen identity and password gained access to information on as many as 32,000 Americans from a database in the company’s Seisint unit.
Reid Elsevier bought Seisint, which gathers and stores data on millions of individuals and sells the data to police and legal professionals as well as private and public organizations, in August and placed it within its LexisNexis unit.
Medical, Financial Information Untouched
The information accessed includes names, addresses, social security numbers and drivers’ license numbers, but not credit history, medical records or financial information, Reed Elsevier said in a press release.
The company discovered the breach only when a customer complained about abilling problem, which led to an internal check of accounts.
A Reed Elsevier spokesperson said that U.S. law enforcement officials haveasked the company to keep the details quiet to aid in their investigation.
In mid-February, ChoicePoint, a Seisint competitor, announced that identitythieves had accessed the data of at least 145,000 people. In the wake of theincident, the Securities and Exchange Commission began an investigation ofthe company. Earlier this week, ChoicePoint said it would limit the sale ofpersonal data, and today it hired a chief privacy officer.
Regulation Coming
An analyst told TechNewsWorld that this attack is sure to spur governmental action.
“This adds fuel to the already-raging fire sparked [by] the ChoicePoint incident,” said Jonathan Penn, principal analyst for security and identity at Forrester Research. “We’re absolutely going to see federal legislative action on this — both general privacy regulation as well as regulations on data brokers like Reed Elsevier and ChoicePoint and Acxiom, all of whom experienced breaches.”
LexisNexis said it will notify anyone whose data was stolen and providecredit monitoring for them. The company also said that it is cooperatingwith law enforcement and has begun taking steps to protectdata more securely.
ChoicePoint was fooled by thieves posing as legitimate businesses who werethen able to extract the personal information of thousands of consumers. Thecompany stores Social Security numbers, credit reports, addresses and otherdata for the vast majority of Americans.