LexisNexis Breach Worse Than Believed
Rollie Hawk writes "Worldwide law and news sifter LexisNexis has some bad news of its own this time. Actually, "bad" might sharply understate the situation.
More than a month after disclosing information on a database breach that led to 32,000 customer IDs being stolen, the results of an internal review showed that in fact the damage was nearly ten times worse than previously thought.
LexisNexis is already "offering free support services, including credit bureau reports, credit monitoring for one year and fraud insurance" to the nearly 300,000 additional victims it will soon be contacting, according to a Reed Elsevier statement to the Regulatory News Service. So far, no identity thefts have been reported by earlier victims, at least some of whom had private information such as addresses and Social Security numbers unwittingly divulged."
From the article:
Your network's security is inversely proportional to your users' gullibility.
____
~ |rip/\/\aster /\/\onkey
...I have to go shred some credit cards, change my identity, and stock up on tinfoil.
at least they apologized
Starsucks
How do you know if they have info about you contained in their database? Or does it have info on EVERYBODY?
Why on earth would lexisnexis (or any other site providing a service) need a customer's SSN? Ok, some tax sites I can understand if you are electronically filing, but for anything else?
Don't blame me, I voted for Kodos
Just when I thought it was safe to come out of my concrete bunker, I see 300,000 people's identities stolen. [puts tin foil hat back on, slams steel door]
I can see the letter now. Dear clients, We got owned. We got owned in a big way. Your identity is probably stolen now.
When your data gets stolen at lexis-nexis, you know you're screwed. With the amount of data that place has on people it's only a matter of time before bad shit starts happening to these guys.
Top 10 Reasons To Procrastinate
10.
Increased security will only take us so far considering the increasing reliance of all companies on databases.
Businesses need to quit making personal information so valuable, which means an end to instant credit. This, of course, would have some pretty far reaching implications for the hot-tub and big screen TV market but you take the good with the bad.
You'd have to be stupid to pull something like this then rush out and use the information you just got.
Wait 8-9 years, then we'll see whose identity information is being misused when this incident is just a distant memory and people are scratching their heads over how their information "got away".
If I have been able to see further than others, it is because I bought a pair of binoculars.
1) give everybody security training -or-email hacks with getting your ass fired being the punishment for failure
2) give everyone a copy of that Mitnick book about social engineering
3) keep topping up on the security training
4) every so often hire an expert to try and break into your systems using data hacks, or idiots-who-give-their-passwords-out-over-the-phon
5) enforce a protocol in regards to passing information about anything regarding your computer.
6) have sensitive information only be allowed to be passed onto people calling from specific extensions
-SJ53
I'd like to see Congress mandate the free credit reports to any and all consumers. These types of identity theft are so common these days that it's in the consumer's best interest, and costs the credit company next to nothing to produce. Their profits are generated by businesses' requests for your credit score/information. Not the other way around.
Just threaten to legislate that the owners of said databases have to keep all their own personal information in them. They'd probably try harder.
This situation is going to keep getting worse until victims start suing these companies. Companies don't want the bad press of these situations, but continue to take a minimalist approach to protecting data that they don't need to be collecting in the first place. Of course these databases are an identity thief's target. However, the companies will not do anything about the situation until they start losing hundreds of millions of dollars in lawsuits. The amount of damage to each person doesn't have to be that serious to add up to large sums of money lost as a result of these breaches.
The recent "change in ownership" of LexisNexis, for an "undisclosed sum"...
They plan to pull a "but Bhopal happened before we owned them, boo-hoo, leave us alone you bullies".
That's it. I'm only buying Acuras from now on...
The one aspect of the Social Security system I wanna see changed is the use of the same string for both username and password. So much of the threat of identity theft is because SSNs are so powerful. If the identifying number and associated secret were separate bits of information, 98.43% of the entities that have had breaches of this nature would not have had the passphrase in the first place, only the unique identifier.
Why does it seem that I'm the only one who finds this to be utterly ridiculous? First and last name (even with middle name or initial) is simply not sufficient to separate one Frank Jacobs from another. A unique identifier is needed. Yet when I ask students for their SSN, as is *required* in my industry, many of them get all pissy about it, as they've had it drilled into their heads all their lives that anybody asking for your SSN is a devil worshiping credit card thief, and probably a yankee to boot. (It especially amuses me when I've got their credit card info on screen in front of me, yet they're getting all sketchy about giving out their SSN.)
And now, feel free to do what so many people do in person or over the phone every day, and explain to me how it's illegal for me to be asking for that information, blah, blah, blah. We always get a kick out of that one.
Quantum materiae materietur marmota monax si marmota monax materiam possit materiari?
I would love to see companies be held legally responsible for such security breaches. Maybe that'll get them to think twice before installing that swiss cheese M$ server or hiring that shady-but-cheap admin/tech support person just to save a few bucks and make the numbers come out "right". Of course, this will also lead to a new type of insurance, but at least the punishment will still be there.
...offering free support services, including credit bureau reports, credit monitoring for one year and fraud insurance...
<sarcasm>Out of the kindness of their hearts, no less. They're unconcerned with any bad press they might get for offering these services and boldly doing what they can to help their customers.
Why, the idea that they might be liable for thousands of stolen identity cases and a jarmungulous class action suit doesn't seem to have affected them at all.
</sarcasm>
Raise your children as if you were teaching them to raise your grandchildren, because you are.
Seriously. They have no reason to be storing drivers licence numbers and Social Security numbers in their databases. They're selling an online service, and just like any online store, all they need is your billing name and address, credit card # and expiration date. Throw in a username and password so the user can easily return... are they using SSNs and drivers licence numbers as a way of authentication? If so... why?
Quid festinatio swallonis est aetherfuga inonusti?
Africus aut Europaeus?
These breaches are really making me think... I'd like to run a server out of my home, and collect personal information from users (it's an online business). A host (no pun intended) of questions arise.
- What kind of training do I need to learn how to keep my data safe?
- What do I do if I find an intrusion?
- What if I detect intrusion attempts? Should I report them?
- Should I use FreeBSD, which has a better security history than Linux?
Those are just a few of the things that come immediately to mind, except that maybe I shouldn't run my own server...Any ideas?
Always do right. This will gratify some people and astonish the rest. -- Mark Twain
One of my clients made me aware of it today. Go there and look up a few people you know. Looks like you'll be able to buy a ton of info on people from these bastards for $20.
It's going to be a stalker and identity thief's dream.
This better be the last time anyone decries the IT community for ranting about security.
We KNOW what we are talking about, ok Mr. MBA?
Why did L/N need to know their subscribers' SSNs?
Maybe I shoulda RTFA'd, but I'm not new here...
If you disagree with me on social issues, then it's pretty clear that you are a narrow-minded bigot.
Most of their data content (as opposed to news articles) comes from government agencies, is in the public domain, and is just a Google search away.
I've always said that a combination of Google and Google news alerts is the poor man's Lexis-Nexis, and now we see that it's not just cheaper, it's safer.
All those folks who paid Lexis-Nexis' fees to save time are suddenly going to be wasting a lot of time dealing with identity theft. I may come out ahead not only in saved money, but in saved time, too. For once, being cheap has paid off.
See what I've been reading.
LexisNexis might make it into the Guinness Book of Records as the most sued company. I was asked to use this service in university and was really baffled. They have some ridiculous charges - several dollars per minute - or was it per article retrieved? Anyone who uses this kind of thing when you can just search the web is either an idiot or is paying with other people's money. A lawyer sounds about right.
I sure don't think so. As long as computer systems and their security are incredibly complex mechanisms that only a fraction of the people on the planet can operate, we're going to be in this boat. Sit down and think for a minute. In the past (long before computers) confidential and valuable information or possessions were stored by trusted sources. Banks, legal firms, certain museums, etc... They all were more than capable of protecting valuable information or possessions from theft. The occasional break in would happen, but not anywhere near the frequency that we see computer systems being compromised. And who was responsible for security in those institutions? Did we have security staff that went to college and were learned in maths and science? Were the lawyers who protected secrets expert locksmiths and did they have break-in drills to hone their security? No.
So how did we survive all those centuries without the need for the kind of security practices we see as a requirement today? I'll tell you how... the systems that secured the information or possessions were built with security in mind. A bank vault, for instance, isn't going to be made out of glass, ceramic or some other easily penetrable substance (like certain biological orifices). When it came to the legal profession in the past, there were stronger barriers to entry. Those barriers, for the most part, ensured the integrity of the people who entered into the profession. Again, for legal professionals of the past, confidentiality was assured as far as can be since we are all human.
The plain truth that no one wants to acknowledge is that computers are not secure by nature. The OS or hardware platforms all have faults (with the possible exception of OpenVMS on Alphas). What is needed is a completely new hardware and OS platform that is built completely with security in mind. A system where the hardware platform has restrictions built in that only allow proper access through only one channel. Just as a vault only has one door, so too should a system that is storing sensitive data. This should be implemented in hardware BEFORE the OS.
Why isn't this happening? Because it's not profitable enough. There isn't enough demand for this kind of system yet, and there won't be demand until the businesses are made to acknowledge that these kinds of break ins are unacceptable.
-"...bad old ideas look confusingly fresh when they are packaged as technology" - Jaron Lanier (Digital Maoism on Edge.o
I took a class in grad school on the general legal environment in engineering (mostly IP issues), but for part of our legal research, we were given access to LexisNexis by one of their sales reps. Part of us being given access was that we had to listen to the rep talk about the company. I questioned whether or not the responsibility of keeping such a large database with such personal info in it was a nightmarish liability, and was told by the rep that if anyone wanted to sue them "It's a company full of lawyers- good luck".
DISCLAIMER: This post was not checked for speling and grammar- if you complain- you're a whiner
It seems to me that a big part of the problem is that the default is that anyone with your credit information can get credit in your name without contacting you. You can put a hold on this (ie opt out) where they have to contact you at your home phone number before granting credit. A lot of identity theft problems would be solved if the default was no (instant) credit, and you could choose to opt in.
Have you used Lexis-Nexis? Identity loss notwithstanding, the amount of important data available in one place is fantastic. While one might be able to gather bits and pieces (or eventually the entire set) L-N has it ready. Not to mention ready access to all of the "archives" sections of newspapers and wire services from around the world, ready to be searched. I regret the day I have to leave University and my included L-N access.
For free identity theft monitoring, please send your name, social security number, birth date, credit card numbers with expiration dates, and address to protectmyidentity@gmail.com. We will take care of your credit record for you and guarantee that you will never have to worry about your good credit record ever again.
Can you change your social security number? 9 digits seems enough for only one per person in the US, maybe 3 per person. I know they reuse these numbers over time. Why not have a 16 digit number, like credit cards do, so that you can change it and invalidate the old one if your identity gets stolen.
Rhymes that keep their secrets will unfold behind the clouds. There upon the rainbow is the answer to a neverending story
Too bad it wasn't LexisNexis that got affected, but Seisint, a recently acquired company.
...until at least a decade goes by without one of these crimes?
The alternative is a problem 100x this size.
"We don't need them to satisfy those purposes anymore. Their time has passed. Thanks to free alternatives to finding stuff out, we simply don't need what used to be an elite "authoritative" prestigious service with an immaculate brand. I'm glad they're getting this bad press."
HAHAHAHAHAHAHA!!!*Takes breath*HAHAHAHAHAHAHA!!!*takes another breath*HAHAHAHAHAHAHA!!!*hooks self to oxygen tank*HAHAHAHAHAHAHA!!!
God Bless ignorance. You people slay me with what you don't know.
The only reason this info is such a problem, is because companies like this have set it up as the key to instant credit. Require people making a claim of debit against a person to show proof that they have the right guy, and the problem is reduced.
It will lead to some inconvenient (GASP!) problems, so the question is whether the general public and government has the will to fix the problem. I'm not optimistic.
Free Mac Mini Yeah, it's
That is what happens when people give out information they should never give out. I've heard there are still some idiots who give their social security numbers to landlords for a "credit check". Man, wake up! That's what security deposits are for. Honestly, people who are that stupid don't deserve any better.
Speak for yourself. There's no free alternative for the ease Lexis Nexis provides, nor for their customer service (which may be too good, it seems). I use their service every day, and there literally is nowhere else to get much of the information they provide.
It REALLY sounds like you have no idea what information IS on nexis. it's not just a phone book and links to other public records. It's got tens of thousands of sources for public records, court documents, "person finder" information, and that's just on that side of things (Nexis has tens of thousands of other sources for news, legal sources, etc).
These fiends must be immediately caught and billed!
One line blog. I hear that they're called Twitters now.
Sorry you don't know and undervalue the power of LexisNexis. It's a pay site to be sure but what makes you think that subscribers do not have all you do AND LexisNexis? More sources of information are better. LexisNexis people and quote finds are pretty much unmatched so far.
Then you don't know much about the OTHER massive database run by the same company that owns LexisNexis. It's called MATRIX -- it looks to be a private sector implementation of Total Information Awareness, with some state government support thrown in.
BE AFRAID
All that information should have never been given out to begin with. Poor suckers...
And registered users wonder why people don't register.
Get rid of the SSN, stop using it, we are not numbered people!
You *can* live without it! Why are you people not researching this? Get a clue!
There is no reason to have a SSN except to let the government track and control YOU!
Stop the government control! Stop being a numbered second class "citizen" that is STAMPED with an inventory number by the government.
Are you owned? Think they aren't pulling a bunch of legal mumbo jumbo on you?
If you don't research it you will never know and can go on being one of the "herd", mooo mooo.
but I don't see what exactly as IANAL. : P
Okay, maybe there's something we could do in the way of cryptography and applying one-time pad techniques to SSNs or public cryptography. They give you their public #, you generate a # complementary to your private #, so on. Not a solution by itself, but adding a layer of difficulty.
We need stronger punishments upon conviction but imprisonment isn't the only answer. They need to be b*tch-slapped in perpetuity any time they operate computers, engage in anything shady and get caught, with escalating punishments each time in terms of fines and so forth.
A certain cryptography writer notwithstanding, two-factor id for transactions needs to come into being ASAP.
We need roadblocks that make socializing the target dupes a lot less useful. Instead, we build a fortress facade in front and leave the back end protected by a broken horse corral gate and a drunken ranchhand with questionable morality.
If my grammar and spelling are off, I am [distracted/tired/careless] (take your pick)
I was set for life. With a new identity, I would get retirement for years and live happily on the beach. Then I got notice that I had died just a few days ago. So now I have a new identity, but I'm dead. Wonder if I can get my old job back....
Once you get it out of the hands of all those damn dirty lawyers, LexisNexis will immediately reach complete sentience and will reveal its true nature as the Matrix.
IAALS (and I approve this message)
your SSN in any hands other than yours, the IRS', or your employer's is in the wrong hands. do not ever give your SSN to landlords, schools, or those people sending you credit card offers in the mail. this is plain stupid.
Basically this shows that LexisNexis has no ability to audit not only who's accessing their databases, but how much data they've been accessing!?!
That's just great. Just to think, while I've been writing this post I'm sure their databases have sucked up countless bits of info... Which I'm sure is already in the hands of some information broker in some shady 3rd world country.
When the next "9/11" happens, I'll bet a box of donuts they'll trace the money back to some granny in Idaho who's been in a coma for the last three years and has a dozen credit cards in her name...
Yes Francis, the world has gone crazy.
Not exactly sure what they do, but they have a UK division http://www.lexisnexis.co.uk/
A search on the DPA register seems to show them up, so you can write to them and get a copy of any personal data they have on you (if that's what they do?). Do they share this data with other countries?
Data classes are:
-Personal Details
-Family, Lifestyle and Social Circumstances
-Goods or Services Provided
Hmm..
This comment does not represent the views or opinions of the user.
Among the most important, IMO, are:
1) More news coverage. As we've seen with many things in the past few years, only if it's on the news a lot will US citizens get upset. It's a sad commentary on the education of our population, but it's true. See also: Terri Schiavo.
2) Legislation. Time and time again, corporations (and indeed entire industries) prove that when their bottom line is involved, they will not self-police.
While other things in the world are certainly news-worthy, I hope this one doesn't get overlooked. If you're upset, write your senator or representative. Urge them to support Dianne Feinstein's legislation on tougher data-leak laws. I would, but I live in DC, which means I'm taxed but have no representation.
akad0nric0
This sentence no verb.
If the businesses are going to make the information valuable, then their responsibility to protect it should be greater. There is a wide gap between the damage that can be done through ID-theft and the repercussions a company experiences when they let it out into the world. The only solution to this problem that I've heard so far is for the general public to deal with it themselves, as if the companies *and* the government are telling us, "sucks to be you." I don't think this is right.
When I was a kid, we only had one Darth.
Businesses need to quit making personal information so valuable, which means an end to instant credit. This, of course, would have some pretty far reaching implications for the hot-tub and big screen TV market but you take the good with the bad.
Exactly, they SHOULD do this but because there is no profit incentive to the individual company they won't.
When they catch the thieves, their SS numbers and personal information should be given out to all the victims. Special exemptions should be in place in the law to let them use that information to acquire credit cards and bank loans. Whatever charges the victims rack up will be considered the "fine" that the thieves will be required to pay, either in funds, or in flesh.
Fascism trolls keeping me up every night. When I starts a preachin', he HITS ME WITH HIS REICH!
Not only that my friend, but making the leap from paper money to the mark of the Beast is far more difficult than the leap from instant credit.
"A review of data searches over the past two years found there were 59 cases where passwords and IDs of Reed's institutional customers were used illegally."
If thieves get a hold of a login/password, there's no stopping them. This is hardly Lexis/Nexis' fault, but it is definitely their problem...
Second class citizens? Hardly. The counter-culture idiots who go around "IM BETTER THAN YOU BECUASE I DONT USE MY SSN" are hardly "first class" citizens, they're the ones who can't open bank accounts, get credit cards, student loans, attend college, get a driver's license, etc.
I'd love to "stick it to the man", but I sorta need some or all of these things.
The high profile database compromises of the last several months have served to push this issue to the forefront of the public consciousness and fueled public frustration. This is an obvious case of negative externality and should clearly be addressed with legislation that imposes regulatory requirements on companies which engage in the business of selling information. In this case the consumer, who is a third party to the transactions between these companies and their clients, is severely harmed by the negative effects of lax security at these companies. They, the consumers, do not share in any of the profits generated by this industry, but they do share in huge risks for rather dubious, in my opinion anyway, benefits. These companies have a clear conflict of interest when it comes to balancing the demands of security with the demands of the shareholders for profit and without regulatory relief that imposes severe financial liability for breaches, security and the consumer will lose every time. I am generally in favor of less government, however in the case of negative externalities the correct solution is definitely legislation and regulation.
I sometimes think that Lexis Nexis is the Matrix
I thought the Matrix was the matrix. But I get so confused with all this personal data floating around everywhere.
you're all figments of my deranged imagination
...my /. ID and password. I'd lose all my hard-won karma from posting 123Profit! and Soviet Russia jokes.
Yeah, I love how LN is giving the people 1 year of free credit monitoring, identity theft protection, etc. Guess what - the people who stole the info will still have that info after that year runs out. That's just plain retarded. A publicity gimmick more than a real fix.
Government should require them to pay for those services for LIFE for those people.
With the prices LN charges for their service, they better be able to afford it, or else someone is laundering some money offshore.
Cause universities that use it insist on a braindead uid scheme (aka student id) that is more often than not == to ssn. At mine this is the case, why? I don't know, lazy, ignant, who knows.
if you believe in that shit in this day and age you deserve everything you get for it.
They won't be obsolete until companies stop paying them, which won't happen for a long time.
My old card used to say (yes, in all caps) "NOT FOR PURPOSES OF IDENTIFICATION". Odd that we use it for identification. The card and numbers are to be used solely for the Social Security administration, not while applying for a job, not while subscribing to Cable Internet, and not while authenticating my login to my bank account. It IS illegal, but unenforced, unfortunately.
If you've got someone's SSN on screen, why ask for it?
Zhrodague.net - I do projects and stuff too.
On the FreeBSD question, you should use whatever you're supremely competent in administering.
If you're not a competent admin, you could use a custom SE Linux based setup that's .gov cleared for security and *still* be insecure.
There's people out there who can set up fairly secure Windows servers from what I hear. I'm not one of them. Since I'm very comfortable administering a Linux box, that's the most secure machine for me to run.
So in conclusion, run the OS you know how to secure. Barring that, hire someone that *does* know how to secure the OS they use.
You're reading Slashdot. Of course you like Linux and pc hardware
seisint is a subsidiary of lexisnexis which is a subsidiary of Reed Elsevier
If the businesses are going to make the information valuable, then their responsibility to protect it should be greater. There is a wide gap between the damage that can be done through ID-theft and the repercussions a company experiences when they let it out into the world.
But if your information leaks out, then the business holding it isn't directly harmed. If I'm not mistaken, there as yet is no legal obligation for the data warehouses to safeguard all of that personal information. Credit issuers and the like have an interest in seeing that information held securely, since it ultimately costs them (not much, but not zero) time and money to deal with any credit fraud that results from identity theft. It's just an interest, though, and all that the banks and credit card companies can do is apply pressure.
Meanwhile, the Big Three credit reporting agencies offer "protection" by charging a fee to place your file on the watch-list. (They're obligated to do this for free for a number of years if you are defrauded, but this is for those of us who haven't had their credit files fall into the wrong hands -- yet.) The implication, of course, is that they aren't watching your file if you're not paying for "protection". Nice little racket, hmm?
Equifax and Trans Union (didn't dig too deeply on Experian's website, so they may or may not offer it), as part of their "protection", also offer insurance against identity theft -- to the tune of $25,000. (And for Equifax, that's the "premium" level which costs you $100/year -- the "basic" level only gives you $2,500 in insurance.) Most documented cases of people stuck with having to fix their credit profiles have had direct costs much higher than that, to say nothing of the costs in time and personal well-being. Some insurance policy.
Citizen financial data is the commodity. The fact that it is directly linked to the lives of citizens is an afterthought to the financial services industry. Once the bills come up in Congress, I'm writing my congresscritters -- do you plan to do the same?
We can believe in you for 3 minutes, but beyond that, even the King of All Cosmos can't be expected to wait.
I heard on the radio saying all you have to do is go in a corporate office, drop a CD somewhere with a label that says CONFIDENTIAL Salary Information with a company logo, and guaranteed, whomever finds it will stick the CD in their computer with whatever bug you have on it... and if the computer is on the network, you are in...
Almost every Harvard student was High School Valedictorian- After a year of college, half are in the bottom of the class
There was a news item earlier about offshore-based ID theft. Many /.ers huffed and puffed about this. Well, this seems to be an all-American affair. No self-flagellation yet?
..is it those companies' property to store, anyway? It's all these various people's "Intellectual Property", it should be treated with the same level of laws that some copyrighted song or patented software, etc, is at a minimum. It should be default illegal to just take it, store it, trade it, sell it, etc without express written legal contract between the person and the data mining company. Just because you are forced to *use* your personal data IP to engage in some business transaction shouldn't mean they now own all that IP, it's still *yours*. The gas station doesn't get to own my car when I go in to buy some gas. But these shady and shoddy industries (yes they are, they are slimy) are allowed to just steal your info and property and treat it like their product and property. Since when is this supposed to be cool? Serious wrongness going on.
THAT is what needs to change more than more grade B rube goldberg "security" features which are the best any of them could pull off anyway if they even tried. If they don't have it and store it in the first place, it can't be compromised later on, can it? That would be real security, nothing there to steal in the first place. I say put em completely out of business, make it illegal the way it stands now. If someone wants to sell their personal data, then fine, write up a contract and let's see some serious folding cash change hands for it, it shouldn't be the default they ownzors you just to conduct some transaction with some doofus merchant.
Just throwing this out as an idea:
When can we get limited (one time or N use) credit card numbers? Not the account number but each account has a set of numbers available for use.
Or a number is tied only to a particular merchant and if the billing number the merchant uses is stolen, it can't be used by a different merchant.
Or digitally sign the authorization including the merchant and date for one time use or with a merchant and date range for use at iTunes, etc.
Please expand.
To reduce the identity theft immensely, one or more of the following MUST be legislated:
1. Replace the SSN with SecureID card with challenge keypad (none of that biometric foo-foo crap, bio is non-revocable)
2. Make data aggregation illegal (ooooh, sorry credit bureaus)
3. Make IRS the focal point of multi-keyed 2nd-generation SSN registration centre (sorry SSA, you screwed up, big-time!)
4. Customers "optionally" generate a NEW SSN for each business or financial institution. (remember, data aggregation should be illegal)
5. Credit Bureau would function just fine (just a bit laggard with aggregation effort).
Once imposed, identity theft would (I guarantee this) be reduced to an insignificant amount.
UNTIL THEN, nothing is currently being done to reduce the water flow from the Dutch Boy's leaking dikes.
It doesn't take much brain to resolve this crisis, just time and money. The Congress has absolutely no clue on how to fix this mess... Write your congressman today with these suggestions.
I had my identity taken back in late Feb, my first indication was my credit card company calling and asking if I had moved to Mass (I live in Florida). Thinking it was a simple credit card takeover I was not real hurried in checking my other accounts. To my shock the following week I found my debit card was also no longer mine, and since have found I bought a car in Puerto Rico, have done instant credits and store credit cards and such and opened at least one checking account. I placed Fraud Alerts and have been steadily mailing out fraud kit affidavits. I can consider my own credit at least for now as history, I'm lucky that I own my home, have very few bills and am just a few years from retirement. Whoever did me had access to information such as mother's maiden name, previous residences and such so they got into my files somehow.
If I was just starting out this would be even worse, try getting a loan with iffy or questionable credit, or rent an apartment, or even try for a job, my accounts are blocked so I would have to be home to ok the viewing of my files. Odds are they would get a requested request and fraud alert notation.
If I found who was dumb enough to release my files I'd sue them plain and simple. And I would hope that enough other lawsuits came in to help bury them.
...so even though each person would probably only receive $10, add that up x300,000, add on a few mil for the lawyers' fees and they might not be so cavalier with other people's data.
I am NaN
This "breach" is that normal "individuals" or "citizens" were able to get this information. I'm upset that whoever did this "obtained" this information illegally, however, the only difference between what happened on that occasion and every other day is they didn't pay for it. LexisNexis normally "sells" this information to whoever wants it. Everyone from accounts to journalists can buy it. Maybe they don't get as much detail as judges or maybe they do. Anyway, who said that LexisNexis can have it, if it takes a court order to get this info from them, then they shouldn't have it in the first place.
My department was aware of this breach a few months back, before it broke. Our concern definitely wasn't the SS #s -- it was the home addresses. Problem was that a number of state and federal officials, judges, DAs, and other folks with long lists of people who may harbor grudges against them for performing their jobs, suddenly had their contact information widely available. The breach happened before courtroom security issues took such a dramatic front-page turn, but recent events highlight the additional danger these folks have always faced when dealing with criminal prosecutions.
...to completely misunderstand the issue. Some of this has been pointed out as replies to other misguided posts, but it's worth repeating.
The only reason this breach was discovered is because LexisNexis performed an audit of Seisint's services during the integration of Seisint after it was purchased by LexisNexis.
Stolen passwords were used to access Seisint. It was not hacked or cracked or anything like that. This is similar to what happened several months back when a gentleman hacked into the NYTimes servers, discovered their LN account username and password, and logged several hundred thousand dollars worth of searches looking for mentions of his name in the news. Except, of course, this time they were accessing a database of more sensitive information.
The personal information that was compromised was not the information of the customers.
The purchase of Seisint by LexisNexis was announced on Sept. 1, 2004. From the press release:
Seisint provides information products that allow business, financial services, legal and government customers to quickly and easily extract valuable knowledge from a vast array of data. Its products, including Accurint(TM) and Securint(TM), support customers in critical activities such as debt recovery, due diligence, fraud detection, identity verification, law enforcement, legal investigations, pre-employment screening, resident screening, and data supercomputing. Seisint's services and products are supported by integrating the Seisint Data Supercomputer technology and patent-pending data linking methods.
About LexisNexis
LexisNexis® (www.lexisnexis.com) is a leader in comprehensive and authoritative legal, news and business information and tailored applications. A member of Reed Elsevier Group plc [NYSE: ENL; NYSE: RUK] (www.reedelsevier.com), the company does business in 100 countries with 13,000 employees worldwide. In addition to its flagship Web-based Lexis® and Nexis® research services, the company includes some of the world's most respected legal publishers such as Martindale-Hubbell, Matthew Bender, Butterworths, JurisClasseur, Abeledo-Perrot and Orac.
Through its risk management flagship products, RiskWise®, PeopleWise® and Banko®, LexisNexis Risk Management helps to locate people and assets, authenticate identity, enable commerce, conduct background screening, and support national security initiatives. Customers include government agencies, top law firms and major corporations. For more information, contact www.lexisnexis.com/riskmanagement.
So, here's an idea for everyone. How about keeping your opinions to subjects that you have even the slightest idea about?
So much of the threat of identity theft is because SSNs are so powerful.
No, much of the threat of the identity theft is because stupid banks and stupid credit card companies let people take all your money simply because they know your SSN.
Imagine if SSN disappeared and banks let people get all your money because they can spell your name, or know your birthday, etc. You will end up with the same problem.
The whole "identity theft" thing is just a scam pulled by banks to transfer their responsibility (to properly verify people's identity) into your responsibility (to safeguard some "secret" such as your SSN).
Guess what, in places like Hong Kong, where people actually have a mandatory identity card and number, you can't get people's money simply by knowing the card number! Banks here use your signature to verify your identity, and sometimes you have to present the physical card as well (which has anti-forgery features) for large withdrawals too.
Not to say forging signatures and id cards is impossible, but at least much more difficult than digging up an open "secret" like your SSN.
Oliver.
Quote: "There were about 59 incidents of this fraudulent activity, the company said. Law enforcement officials are investigating the case." (Link here). Surely they should have spotted something was wrong after about the fifth attempt!!!
The latest gadget news and reviews. www.absolutegadget.com