Consumers Data Stolen from LexisNexis

LE UI Guy writes "Reuters is currently running a story regarding LexisNexis being tapped into by identity thieves who accessed up to 32,000 customer profiles. Information hit included names, addresses, Social Security and driver's license numbers. This comes on the heels of rival ChoicePoint being breached for 145,000 profiles last month in a similar case. Better check yourself." Update: 03/10 02:40 GMT by J : ChoicePoint's name corrected (and, it may be more than 145,000, they don't know).

ChoicePoint =! CheckPoint

[DA-MAN]

Jesus! I've seen this mistake on the national news and now on slashdot. I thought the geeks would realize there is a difference.

Let me make it clear, CheckPoint makes security software, rfid badges and firewalls. They are not the ones who sell all of your information to credit card companies. CheckPoint has no info that you didn't give them. ChoicePoint is the one that fucked up!!!

Re:ChoicePoint =! CheckPoint

[Flendon]

Checkpoint was protecting Choicepoint's systems, I guess the management did a bad choice going with a weak firewall protection like checkpoint after all, now they pay the price. Rumors are going on in our company that we're going to move away from Checkpoint for the same reasons.

ChoicePoint was not hacked. It was purely social engineering. The criminals were granted access because ChoicePoint didn't bother checking if the real estate license (or the name on it) they were shown was real. At least in this case it wouldn't have mattered if they had no firewall.

Re:ChoicePoint =! CheckPoint

You are absolutely right. Checkpoint is the company that sells defective firewalls based on Linux, and won't give you a patch unless you buy a support contract. They also won't give you a refund for a defective product.

Oh yeah. You have to be running Windows to do any administration of the firewall.

I'm quite glad they are getting mistaken.

Dear Checkpoint,

You sent us a non-functional firewall last year, and wouldn't help us make it work. When our support contract kicked in you told us it was a problem on your end, and we needed to download a patch. Everything worked after that.

Please note that I've told my company all about this, and I'll make sure that our company of over 100,000 never buys a product from you again. Fuck you and your useless crap.

Sorry for the rant, but Checkpoint deserves it for shipping out defective software.

PS - Mod this up if you don't like Linux being used to make money for a company that won't even back up their own modifications.

Checkpoint?

Checkpoint ( www.checkpoint.com ) makes firewall software. THEY HAD NO CUSTOMER INFROMATION STOLEN. please update the story and make sure the facts are correct - its pretty freaking rude to say a company lost data, especially an innocent company.

Choicepoint lost the data. not Checkpoint.

Re:Windows Servers

[odin53]

The article says that the data stolen was collected by Seisent, which is a company that LexisNexis/Reed Elsevier acquired recently. Because of this, I doubt that looking up the netcraft report for www.lexisnexis.com will tell you much about where that data is stored.

If you look up Seisint, you'll see Linux/Solaris servers.

Re:Social Security numbers?

[AtomicDog]

A company that does, and that refuses to do business with you if you refuse to give them your SSN is in violation of federal law.

Which federal law? I couldn't find anything about that from the SSA's website, but I did find this page:

When am I legally required to provide my Social Security number?:

"If a business or other enterprise asks you for your SSN, you can refuse to give it. However, that may mean doing without the purchase or service for which your number was requested. For example, utility companies and other services ask for a Social Security number, but do not need it; they can do a credit check or identify the person in their records by alternative means."

Also, your SSN is required for more than just tax purposes, as you claimed:

"Specific laws require a person to provide his/her SSN for certain purposes. While we cannot give you a comprehensive list of all situations where an SSN might be required or requested, an SSN is required/requested by:

• Internal Revenue Service for tax returns and federal loans
  
• Employers for wage and tax reporting purposes
  
• States for the school lunch program
  
• Banks for monetary transactions
  
• Veterans Administration as a hospital admission number
  
• Department of Labor for workers compensation
  
• Department of Education for Student Loans
  
• States to administer any tax, general public assistance, motor vehicle or drivers license law within its jurisdiction
  
• States for child support enforcement
  
• States for commercial drivers licenses
  
• States for Food Stamps
  
• States for Medicaid
  
• States for Unemployment Compensation
  
• States for Temporary Assistance to Needy Families
  
• U.S. Treasury for U.S. Savings Bonds"

The Privacy Act regulates the use of SSNs by government agencies. When a Federal, State, or local government agency asks an individual to disclose his or her Social Security number, the Privacy Act requires the agency to inform the person of the following: the statutory or other authority for requesting the information; whether disclosure is mandatory or voluntary; what uses will be made of the information; and the consequences, if any, of failure to provide the information.

(from the same page linked to above)

Finally, to the grandparent: yes, you can get a new SSN number assigned to you. Here's how:

How can I get a different Social Security number assigned to me?