CRM News: Security: Identity Theft Hits Another Data Broker

Identity Theft Hits Another Data Broker

By Susan B. Shor
TechNewsWorld
Part of the ECT News Network
03/09/05 10:27 AM PT

"This adds fuel to the already-raging fire sparked [by] the ChoicePoint incident," said Jonathan Penn of Forrester Research. "We're absolutely going to see federal legislative action on this."

For the second time in less than a month, Americans are finding out that their private information may be in the hands of identity thieves.

Publisher and information broker Reed Elsevier announced today that criminals using a stolen identity and password gained access to information on as many as 32,000 Americans from a database in the company's Seisint unit.

Reid Elsevier bought Seisint, which gathers and stores data on millions of individuals and sells the data to police and legal professionals as well as private and public organizations, in August and placed it within its LexisNexis unit.

Medical, Financial Information Untouched

The information accessed includes names, addresses, social security numbers and drivers' license numbers, but not credit history, medical records or financial information, Reed Elsevier said in a press release.

The company discovered the breach only when a customer complained about a billing problem, which led to an internal check of accounts.

A Reed Elsevier spokesperson said that U.S. law enforcement officials have asked the company to keep the details quiet to aid in their investigation.

In mid-February, ChoicePoint, a Seisint competitor, announced that identity thieves had accessed the data of at least 145,000 people. In the wake of the incident, the Securities and Exchange Commission began an investigation of the company. Earlier this week, ChoicePoint said it would limit the sale of personal data, and today it hired a chief privacy officer.

Regulation Coming

An analyst told TechNewsWorld that this attack is sure to spur governmental action.

"This adds fuel to the already-raging fire sparked [by] the ChoicePoint incident," said Jonathan Penn, principal analyst for security and identity at Forrester Research. "We're absolutely going to see federal legislative action on this -- both general privacy regulation as well as regulations on data brokers like Reed Elsevier and ChoicePoint and Acxiom (Nasdaq: ACXM), all of whom experienced breaches."

LexisNexis said it will notify anyone whose data was stolen and provide credit monitoring for them. The company also said that it is cooperating with law enforcement and has begun taking steps to protect data more securely.

ChoicePoint was fooled by thieves posing as legitimate businesses who were then able to extract the personal information of thousands of consumers. The company stores Social Security numbers, credit reports, addresses and other data for the vast majority of Americans.