Slashdot Mirror

← Back to Stories (view on slashdot.org)

Consumers Data Stolen from LexisNexis

Posted by samzenpus on from the todays-info-stolen-from dept.

LE UI Guy writes "Reuters is currently running a story regarding LexisNexis being tapped into by identity thieves who accessed up to 32,000 customer profiles. Information hit included names, addresses, Social Security and driver's license numbers. This comes on the heels of rival ChoicePoint being breached for 145,000 profiles last month in a similar case. Better check yourself." Update: 03/10 02:40 GMT by J : ChoicePoint's name corrected (and, it may be more than 145,000, they don't know).

27 of 298 comments (clear)

  1. Well... by Anonymous Coward · · Score: 5, Funny

    Anyone got a torrent of it?

  2. Man by Anonymous Coward · · Score: 5, Funny

    I am sure glad I don't drive a lexus.

  3. ChoicePoint =! CheckPoint by DA-MAN · · Score: 4, Informative

    Jesus! I've seen this mistake on the national news and now on slashdot. I thought the geeks would realize there is a difference.

    Let me make it clear, CheckPoint makes security software, rfid badges and firewalls. They are not the ones who sell all of your information to credit card companies. CheckPoint has no info that you didn't give them. ChoicePoint is the one that fucked up!!!

    --
    Can I get an eye poke?
    Dog House Forum
    1. Re:ChoicePoint =! CheckPoint by Flendon · · Score: 5, Informative

      Checkpoint was protecting Choicepoint's systems, I guess the management did a bad choice going with a weak firewall protection like checkpoint after all, now they pay the price. Rumors are going on in our company that we're going to move away from Checkpoint for the same reasons.

      ChoicePoint was not hacked. It was purely social engineering. The criminals were granted access because ChoicePoint didn't bother checking if the real estate license (or the name on it) they were shown was real. At least in this case it wouldn't have mattered if they had no firewall.

      --
      chown -R us ./base
    2. Re:ChoicePoint =! CheckPoint by jchernia · · Score: 5, Funny

      Well of course they are not equal, you made the assignment that way.

      You made the common rookie programmer error of assigning what you wanted to test.

      What I think you meant to say was

      ChoicePoint != CheckPoint

      Though if you are communicating to us in Java you want

      !ChoicePoint.equals(CheckPoint)

      Hope that helps.

    3. Re:ChoicePoint =! CheckPoint by Anonymous Coward · · Score: 4, Informative

      You are absolutely right. Checkpoint is the company that sells defective firewalls based on Linux, and won't give you a patch unless you buy a support contract. They also won't give you a refund for a defective product.

      Oh yeah. You have to be running Windows to do any administration of the firewall.

      I'm quite glad they are getting mistaken.

      Dear Checkpoint,

      You sent us a non-functional firewall last year, and wouldn't help us make it work. When our support contract kicked in you told us it was a problem on your end, and we needed to download a patch. Everything worked after that.

      Please note that I've told my company all about this, and I'll make sure that our company of over 100,000 never buys a product from you again. Fuck you and your useless crap.

      Sorry for the rant, but Checkpoint deserves it for shipping out defective software.

      PS - Mod this up if you don't like Linux being used to make money for a company that won't even back up their own modifications.

    4. Re:ChoicePoint =! CheckPoint by That's+Unpossible! · · Score: 4, Funny

      Surely this would (rightly) file under "false allegation"?

      No, this would fall under "typo."

      And don't call me Shirley.

      --
      Ironically, the word ironically is often used incorrectly.
  4. Easy solution to this problem by ip_freely_2000 · · Score: 5, Insightful

    Make the CEO, CTO and Customer Support manager provide their own personal information in their own databases.

  5. Where's all the personal data? by Nuclear+Elephant · · Score: 5, Funny

    This comes on the heals of rival Check Point being breached for 145,000 profiles last month in a similar case. Better check yourself.

    Can someone post the list?

  6. Checkpoint? by Anonymous Coward · · Score: 4, Informative

    Checkpoint ( www.checkpoint.com ) makes firewall software. THEY HAD NO CUSTOMER INFROMATION STOLEN. please update the story and make sure the facts are correct - its pretty freaking rude to say a company lost data, especially an innocent company.

    Choicepoint lost the data. not Checkpoint.

  7. Information Wants to Be Free :P by Doc+Ruby · · Score: 5, Insightful

    Check yourself? What does that mean? Check that you haven't been stolen? What if you haven't - what can you do to stop it from happening after you check?

    These corporations are destroying the value of our essential property: our identities. They demand we give our personal info, without enforcing our copyrights to prevent its being disseminated, then let it get stolen by people who will use it to damage us. When someone rips me off with some personal info they stole from some negligent data warehouse, the warehouse should be liable for my damages, including the work to recover my losses, and the defamation that will inevitably ripple through the endlessly interlinked online infosystems forever. And when compromised, they should pay my identity theft insurance premiums. This free value we deliver to them has a cost when it's abused, and such insecurity abuse is now obviously standard practice.

    --

    --
    make install -not war

    1. Re:Information Wants to Be Free :P by laughingcoyote · · Score: 5, Interesting

      No...remember, copyright is only for the benefit of corporations too. You don't have the right to prevent the distribution of data that pertains to you, that right only extends to the latest pop song, that they've already chosen to release publicly, and then expect to tell said public what they may or may not do with it.

      But that brings up an interesting point...isn't someone currently getting sued by Apple for collecting data on them without their authorization and distributing it? Are only corporations allowed to protect sensitive data, and punish those who distribute it without authorization? If "trade secrets" exist, surely "personal secrets" do too?

      --
      To fight the war on terror, stop being afraid.
    2. Re:Information Wants to Be Free :P by Doc+Ruby · · Score: 4, Interesting

      We might be entering a time when the only chance of protecting one's rights is to incorporate, and assign all assets (IP and real) to it. Incorporation might become the modern blessing once expected of christening.

      --

      --
      make install -not war

    3. Re:Information Wants to Be Free :P by Afrosheen · · Score: 4, Funny

      No shit. I had this happen the other day, buying something at an electronics store.

      Cashier, while checking out: "Your email address?"

      Me: "No."

      Cashier: "No?"

      Me: "Ok, put 'no at no dot com"

      Cashier, smirking: "Done."

  8. How long before ANYONE'S info hasn't been stolen? by loggia · · Score: 4, Interesting

    With phishing, spyware, database theft... people picking thru your trash...

    How long before ANYONE'S identity has not been stolen?

    Seriously.

    Why not just put a fraud alert on everyone's credit reports and let's get it over with. You want to apply for credit? You'll have to jump through a few more hoops...

    The system as it is now is painfully broken.

  9. How long it will take .. by Anonymous Coward · · Score: 4, Interesting

    How long it will take someone to build a complete (may be 90%)databese of all americans thet will include SSN, DL#, Home address & Phone # etc. If this is the rate of privacy the thefts.

    How much it will be worth it and to whome it will worth it.

  10. Is it really stolen? by Sheetrock · · Score: 5, Funny

    It can't be theft if the data is still there, right?

    --

    Try not. Do or do not, there is no try.
    -- Dr. Spock, stardate 2822-3.




  11. I am a man, not a number by chiph · · Score: 5, Funny

    I am a man, not a number!

    Signed, #6

    1. Re:I am a man, not a number by Anonymous Coward · · Score: 5, Funny

      How about you and I get together for a good time?

      Signed, #9

  12. Washington Post article by CRepetski · · Score: 4, Interesting
    The Washington Post has another article about this:
    http://www.washingtonpost.com/wp-dyn/articles/A199 82-2005Mar9.html

    Most organizations have some sort of regulatory body. Does the data harvesting industry have this?

    Perhaps this should turn some heads in Congress now that we've got multiple cases of this insecurity. The question is, is Congress going to be able to do anything about it or will it be the same situation as with government computer security: Right now they just say "your security is bad" but that doesn't always fix the problem.

  13. How can we really know who is affected? by SunFan · · Score: 5, Insightful


    I know only the name of my phone company, for example, but I have no clue who they contract with for data processing or billing or marketing. How can we ever really find out if a security problem at one company affects us? These back-end companies are generally companies that serve niche markets and practically no one has heard of them.

    --
    -- Microsoft is the most expensive commodity operating system and office suite vendor in the marketplace.
  14. The solution: Opt In by sulli · · Score: 4, Interesting
    Of course the bastards will do everything in their power to prevent it, but the answer is federal regulations requiring the explicit permission of the affected parties before any data on any individual is sold to anyone.

    I don't want a bunch of strangers reading my dossiers (and I have had exactly this - I was affected by the ChoicePoint scam). If I had to approve every offering or sale of my data, I would have easily been able to block said scam.

    --

    sulli
    RTFJ.
  15. Re:Windows Servers by odin53 · · Score: 4, Informative

    The article says that the data stolen was collected by Seisent, which is a company that LexisNexis/Reed Elsevier acquired recently. Because of this, I doubt that looking up the netcraft report for www.lexisnexis.com will tell you much about where that data is stored.

    If you look up Seisint, you'll see Linux/Solaris servers.

  16. *Not* Customer Profiles by cfulmer · · Score: 4, Insightful

    It was information on 32,000 (anybody want to bet it was 32,768?) members of the public, not customers. To bad, in a way -- Lexis is used most by lawyers, judges, congresspeople and so on -- had the Lexis customer data been hacked and say all the judges on the 5th Circuit or the Ohio congressional delegation had their identities stolen as a result, you'd probably see reform a whole lot faster.

  17. Social Security numbers? by dbIII · · Score: 4, Interesting
    They should not be storing this information, it should only be for government use. Realisticly the implications are the same as the theives getting your credit card number, expiry date and PIN.

    In this Homeland paranoia age where everything that is in the database must be right, you certainly don't want to see government ID numbers getting used in fraud. How do you go about getting a new Social Security number when the existing one is being used in fraud?

  18. the law is... by zogger · · Score: 4, Insightful

    ...people willingly give away their personal property, their data, their "IP", then these other companies own it. If people just insisted that THEIR data was THEIR property and took care of it with that sort of mindset backed op with some rational laws, then this wouldn't happen, and these companies with the data warehouses wouldn't even exist like they do now.

    Most people don't think that way, but people who start corporations DO think that way, they recognize valuable property when they see it, and make billions off of millions of people voluntarily giving away their property to them.

    If it wasn't stolen from you directly, it's sure not your property anymore. If you donate your old TV to the thriftstore and they get broken into and that TV is stolen, well, "your" TV didn't get stolen, their TV got stolen. If you want to own and keep possession of your TV, well, don't give it away in the first place then. Simple concept, just apply it to your data. It's similar enough for conversational purposes anyway. "IP" ownership is bigtime in business, there's zero reason everyone's personal data "IP" shouldn't be theirs in total.

    So people can't really say "their" stuff got stolen, some big companies stuff got stolen, they gave up their rights to full and complete ownership a long time ago. they already got "social engineered" out of ownership, just they don't realise it, or just don't care enough to think it through. Now that same data property down the pike got social engineered again, oh well, guess the original owner didn't care enough to hang on to it.

    but, but..we can't live in society without giving our property away! Yep, that's the point, much less than .0001% people ever even tried one time to keep their data to themselves and to insist to government that this should be so. They never gave a care, to busy with entertainments or whatever to even lift a phone to make a call to a congress critter, or to say NO to some company "asking" for data they don't need really for a business transaction. Mass conditioning that it's socially cool to get ripped off. Shazzam, the world is full of thieves, maybe more people will stop and think about who they give their property to and why they give it away for what purposes now. Maybe it's a better idea to just retain ownership? One law would do it, too, your data is yours, it shouldn't be necessary to transfer ownership of your data just to do business someplace.

  19. Re:Social Security numbers? by AtomicDog · · Score: 5, Informative
    A company that does, and that refuses to do business with you if you refuse to give them your SSN is in violation of federal law.


    Which federal law? I couldn't find anything about that from the SSA's website, but I did find this page:

    When am I legally required to provide my Social Security number?:

    "If a business or other enterprise asks you for your SSN, you can refuse to give it. However, that may mean doing without the purchase or service for which your number was requested. For example, utility companies and other services ask for a Social Security number, but do not need it; they can do a credit check or identify the person in their records by alternative means."


    Also, your SSN is required for more than just tax purposes, as you claimed:


    "Specific laws require a person to provide his/her SSN for certain purposes. While we cannot give you a comprehensive list of all situations where an SSN might be required or requested, an SSN is required/requested by:
    • Internal Revenue Service for tax returns and federal loans
    • Employers for wage and tax reporting purposes
    • States for the school lunch program
    • Banks for monetary transactions
    • Veterans Administration as a hospital admission number
    • Department of Labor for workers compensation
    • Department of Education for Student Loans
    • States to administer any tax, general public assistance, motor vehicle or drivers license law within its jurisdiction
    • States for child support enforcement
    • States for commercial drivers licenses
    • States for Food Stamps
    • States for Medicaid
    • States for Unemployment Compensation
    • States for Temporary Assistance to Needy Families
    • U.S. Treasury for U.S. Savings Bonds"


    The Privacy Act regulates the use of SSNs by government agencies. When a Federal, State, or local government agency asks an individual to disclose his or her Social Security number, the Privacy Act requires the agency to inform the person of the following: the statutory or other authority for requesting the information; whether disclosure is mandatory or voluntary; what uses will be made of the information; and the consequences, if any, of failure to provide the information.

    (from the same page linked to above)

    Finally, to the grandparent: yes, you can get a new SSN number assigned to you. Here's how:

    How can I get a different Social Security number assigned to me?