Data theft at LexisNexis much larger

Company revises estimate by factor of 10, to 310,000

April 13, 2005|By LOS ANGELES TIMES

The identity thieves who stole passwords to tap personal data from information broker LexisNexis hacked the records of more than 300,000 Americans, 10 times what the company first acknowledged, the company disclosed yesterday.

The announcement by London-based Reed Elsevier, which owns LexisNexis, indicates that security problems in the industry are more widespread than first thought.

The company said that it had uncovered 59 cases in which unauthorized persons "using IDs and passwords of legitimate customers" fraudulently acquired personal identifying data from its databases.

Reed Elsevier's director of corporate relations, Catherine May, emphasized that LexisNexis' infrastructure was not breached. "This is about misuse of legitimate passwords and means of access," May said from London.

LexisNexis estimates that information on 310,000 U.S. individuals may have been accessed. When it first reported the thefts March 9, the company said about one-third of the victims were California residents; it now puts the number of Californians at 64,145.

LexisNexis said it will notify all individuals involved and is offering free credit bureau reports, credit monitoring for one year and fraud insurance. The company said it is cooperating with law enforcement authorities investigating hackers' "potentially fraudulent misuse" of the data.

Reed Elsevier said the stolen data do not include "personal credit histories, medical records or individuals' financial records; it involves "names and addresses and other personal identifying information such as Social Security and driver's license numbers."

The Los Angeles Times is a Tribune Publishing newspaper.

Baltimore Sun Articles
Please note the green-lined linked article text has been applied commercially without any involvement from our newsroom editors, reporters or any other editorial staff.