Slashdot Mirror

← Back to Stories (view on slashdot.org)

Consumers Data Stolen from LexisNexis

Posted by samzenpus on from the todays-info-stolen-from dept.

LE UI Guy writes "Reuters is currently running a story regarding LexisNexis being tapped into by identity thieves who accessed up to 32,000 customer profiles. Information hit included names, addresses, Social Security and driver's license numbers. This comes on the heels of rival ChoicePoint being breached for 145,000 profiles last month in a similar case. Better check yourself." Update: 03/10 02:40 GMT by J : ChoicePoint's name corrected (and, it may be more than 145,000, they don't know).

13 of 298 comments (clear)

  1. Well... by Anonymous Coward · · Score: 5, Funny

    Anyone got a torrent of it?

  2. Man by Anonymous Coward · · Score: 5, Funny

    I am sure glad I don't drive a lexus.

  3. Easy solution to this problem by ip_freely_2000 · · Score: 5, Insightful

    Make the CEO, CTO and Customer Support manager provide their own personal information in their own databases.

  4. Where's all the personal data? by Nuclear+Elephant · · Score: 5, Funny

    This comes on the heals of rival Check Point being breached for 145,000 profiles last month in a similar case. Better check yourself.

    Can someone post the list?

  5. Information Wants to Be Free :P by Doc+Ruby · · Score: 5, Insightful

    Check yourself? What does that mean? Check that you haven't been stolen? What if you haven't - what can you do to stop it from happening after you check?

    These corporations are destroying the value of our essential property: our identities. They demand we give our personal info, without enforcing our copyrights to prevent its being disseminated, then let it get stolen by people who will use it to damage us. When someone rips me off with some personal info they stole from some negligent data warehouse, the warehouse should be liable for my damages, including the work to recover my losses, and the defamation that will inevitably ripple through the endlessly interlinked online infosystems forever. And when compromised, they should pay my identity theft insurance premiums. This free value we deliver to them has a cost when it's abused, and such insecurity abuse is now obviously standard practice.

    --

    --
    make install -not war

    1. Re:Information Wants to Be Free :P by laughingcoyote · · Score: 5, Interesting

      No...remember, copyright is only for the benefit of corporations too. You don't have the right to prevent the distribution of data that pertains to you, that right only extends to the latest pop song, that they've already chosen to release publicly, and then expect to tell said public what they may or may not do with it.

      But that brings up an interesting point...isn't someone currently getting sued by Apple for collecting data on them without their authorization and distributing it? Are only corporations allowed to protect sensitive data, and punish those who distribute it without authorization? If "trade secrets" exist, surely "personal secrets" do too?

      --
      To fight the war on terror, stop being afraid.
  6. Is it really stolen? by Sheetrock · · Score: 5, Funny

    It can't be theft if the data is still there, right?

    --

    Try not. Do or do not, there is no try.
    -- Dr. Spock, stardate 2822-3.




  7. I am a man, not a number by chiph · · Score: 5, Funny

    I am a man, not a number!

    Signed, #6

    1. Re:I am a man, not a number by Anonymous Coward · · Score: 5, Funny

      How about you and I get together for a good time?

      Signed, #9

  8. How can we really know who is affected? by SunFan · · Score: 5, Insightful


    I know only the name of my phone company, for example, but I have no clue who they contract with for data processing or billing or marketing. How can we ever really find out if a security problem at one company affects us? These back-end companies are generally companies that serve niche markets and practically no one has heard of them.

    --
    -- Microsoft is the most expensive commodity operating system and office suite vendor in the marketplace.
  9. Re:ChoicePoint =! CheckPoint by Flendon · · Score: 5, Informative

    Checkpoint was protecting Choicepoint's systems, I guess the management did a bad choice going with a weak firewall protection like checkpoint after all, now they pay the price. Rumors are going on in our company that we're going to move away from Checkpoint for the same reasons.

    ChoicePoint was not hacked. It was purely social engineering. The criminals were granted access because ChoicePoint didn't bother checking if the real estate license (or the name on it) they were shown was real. At least in this case it wouldn't have mattered if they had no firewall.

    --
    chown -R us ./base
  10. Re:ChoicePoint =! CheckPoint by jchernia · · Score: 5, Funny

    Well of course they are not equal, you made the assignment that way.

    You made the common rookie programmer error of assigning what you wanted to test.

    What I think you meant to say was

    ChoicePoint != CheckPoint

    Though if you are communicating to us in Java you want

    !ChoicePoint.equals(CheckPoint)

    Hope that helps.

  11. Re:Social Security numbers? by AtomicDog · · Score: 5, Informative
    A company that does, and that refuses to do business with you if you refuse to give them your SSN is in violation of federal law.


    Which federal law? I couldn't find anything about that from the SSA's website, but I did find this page:

    When am I legally required to provide my Social Security number?:

    "If a business or other enterprise asks you for your SSN, you can refuse to give it. However, that may mean doing without the purchase or service for which your number was requested. For example, utility companies and other services ask for a Social Security number, but do not need it; they can do a credit check or identify the person in their records by alternative means."


    Also, your SSN is required for more than just tax purposes, as you claimed:


    "Specific laws require a person to provide his/her SSN for certain purposes. While we cannot give you a comprehensive list of all situations where an SSN might be required or requested, an SSN is required/requested by:
    • Internal Revenue Service for tax returns and federal loans
    • Employers for wage and tax reporting purposes
    • States for the school lunch program
    • Banks for monetary transactions
    • Veterans Administration as a hospital admission number
    • Department of Labor for workers compensation
    • Department of Education for Student Loans
    • States to administer any tax, general public assistance, motor vehicle or drivers license law within its jurisdiction
    • States for child support enforcement
    • States for commercial drivers licenses
    • States for Food Stamps
    • States for Medicaid
    • States for Unemployment Compensation
    • States for Temporary Assistance to Needy Families
    • U.S. Treasury for U.S. Savings Bonds"


    The Privacy Act regulates the use of SSNs by government agencies. When a Federal, State, or local government agency asks an individual to disclose his or her Social Security number, the Privacy Act requires the agency to inform the person of the following: the statutory or other authority for requesting the information; whether disclosure is mandatory or voluntary; what uses will be made of the information; and the consequences, if any, of failure to provide the information.

    (from the same page linked to above)

    Finally, to the grandparent: yes, you can get a new SSN number assigned to you. Here's how:

    How can I get a different Social Security number assigned to me?