ID thieves get access to records of 32,000
LexisNexis detects database break-in during security check
Computer thieves used stolen passwords to access data on 32,000 Americans at a Florida database company, the firm's corporate parent said yesterday. The break-in is the most recent in a series of identity thefts that have federal lawmakers calling for tougher regulations on data collection companies.
The company, Seisint Inc. of Boca Raton, was acquired last year for $775 million by database company LexisNexis, which in turn is owned by the Anglo-Dutch publishing company Reed Elsevier Group PLC. Seisint specializes in collecting records on individuals and making them available to businesses and government entities, including law enforcement agencies.
During a security review conducted in the past two weeks, LexisNexis officials found indications that an intruder had gained access to the data. In addition, a customer complained that his LexisNexis bill was too high. The company found that an unauthorized person had used the customer's account.
''It appears the login of a LexisNexis customer was stolen and used to gain access to records containing personal data on individuals," a company spokesman said.
Kurt Sanford, president and chief executive of LexisNexis Corporate and Federal Markets, posted on his company's website a videotaped apology for the security breach.
''LexisNexis sincerely regrets these circumstances and continues to work aggressively and expeditiously to minimize the impact of these incidents to consumers and our customers," said Sanford. He said LexisNexis would contact the people who might be affected by the data theft, and would monitor their financial status to detect any attempts to defraud them. Sanford also promised that LexisNexis will develop improved password protections to stave off future identity thefts.
The US Secret Service, the federal agency that investigates financial fraud involving computer networks, has been called in. A Secret Service spokesman declined to comment on the case.
The Seisint data theft adds to a recent spate of incidents in which personal information was lost or stolen. Last month, the information broker ChoicePoint revealed that scam artists posing as legitimate businesses purchased information on 145,000 people. As a result, at least 750 of these people have been defrauded. Also last month, Bank of America said that it had lost some computer tapes that contain financial information on 1.2 million employees of the US government. A hacker also attacked T-Mobile, the cellular telephone network used by actress Paris Hilton, and stole the information stored on Hilton's phone, including private phone numbers of many other celebrities. A security lapse at PayMaxx Inc., a Tennessee payroll management company, may have exposed financial data on as many as 100,000 workers, although there is no evidence that any data was actually stolen in this case. And on Tuesday, Ohio-based DSW Shoe Warehouses revealed that credit card data from about 100 of its stores had been stolen from a company computer over the past three months. DSW has eight stores in Massachusetts.
The Massachusetts attorney general's office issued letters yesterday to officials at DSW Shoe Warehouses and LexisNexis, asking whether Massachusetts residents may have been victimized by the security breaches. Attorney General Thomas F. Reilly is backing legislation that would let Massachusetts consumers block unauthorized access to their credit reports. Reilly also backs a bill that would make it easier to prosecute identity theft in Massachusetts and toughen penalties for repeat offenders and those who target elderly or disabled people.
The surge in identity theft incidents also worries Massachusetts Democratic US Representative Edward J. Markey, who is sponsoring legislation that would give the Federal Trade Commission the power to set security standards for database companies.
''The lack of real guidelines reduces dramatically the chances that information is being safeguarded," said Markey. ''It's almost like the level of bank protection that existed when the James brothers were going from town to town."
Markey is also cosponsoring a bill that would make it illegal in most circumstances to buy or sell Social Security numbers, because criminals can use the numbers to defraud people and set up fake identities.
Hiawatha Bray can be reached at bray@globe.com. 