Slashdot Mirror

← Back to Stories (view on slashdot.org)

LexisNexis Breach Worse Than Believed

Posted by Zonk on from the when-it-rains dept.

Rollie Hawk writes "Worldwide law and news sifter LexisNexis has some bad news of its own this time. Actually, "bad" might sharply understate the situation. More than a month after disclosing information on a database breach that led to 32,000 customer IDs being stolen, the results of an internal review showed that in fact the damage was nearly ten times worse than previously thought. LexisNexis is already "offering free support services, including credit bureau reports, credit monitoring for one year and fraud insurance" to the nearly 300,000 additional victims it will soon be contacting, according to a Reed Elsevier statement to the Regulatory News Service. So far, no identity thefts have been reported by earlier victims, at least some of whom had private information such as addresses and Social Security numbers unwittingly divulged."

14 of 238 comments (clear)

  1. Social Engineering by TripMaster+Monkey · · Score: 5, Insightful


    From the article:


    The thieves, who obtained information including addresses and Social Security numbers, did not hack into the computer system. Instead, they were able to fool the company into giving out password information, CNN reported.


    Your network's security is inversely proportional to your users' gullibility.

    --
    ____

    ~ |rip/\/\aster /\/\onkey

    1. Re:Social Engineering by ShaniaTwain · · Score: 5, Funny

      but to be fair, maybe they offered them chocolate for all that personal information.

      who can resist chocolate?

      --
      Starsucks
    2. Re:Social Engineering by andy1307 · · Score: 4, Interesting

      How long before "someone" calls up people to tell them their SSN was stolen in the Lexis-Nexis break-in and asks them to verify their SSN/address so that they can receive "free" credit protection. I'm willing to bet at least 10% of people called will give away their own information.

  2. Why? by i.r.id10t · · Score: 5, Insightful

    Why on earth would lexisnexis (or any other site providing a service) need a customer's SSN? Ok, some tax sites I can understand if you are electronically filing, but for anything else?

    --
    Don't blame me, I voted for Kodos
    1. Re:Why? by geoffeg · · Score: 4, Funny

      Me thinks you don't understand the expanse of data that lexis nexis has on people. They not only have your SSN but they probably have data on how many times you've bitched about people knowing your SSN. :)
      I sometimes think that Lexis Nexis is the Matrix, it just hasn't become fully sentient.

    2. Re:Why? by The+Good+Reverend · · Score: 5, Interesting

      Do you know what Lexis Nexis does? Among many other things, they provide personal information, including names, addresses, phone numbers, and state/federal public records (bankruptcies, mortgage records, court filings, etc.). Many of these records have social security numbers associated with them, just like they do if you go to your county hall of records.

      Customers didn't have their SSNs stolen, some people with records in the system (which includes everyone in the US) did. While I think this really is bad, you'd be amazed who already has your SSN, your address history, and all sorts of other personal information. It's not hard to get.

  3. Man... by Bananatree3 · · Score: 5, Funny

    Just when I thought it was safe to come out of my concrete bunker, I see 300,000 people's identities stolen. [puts tin foil hat back on, slams steel door]

  4. These identity theft notices are pretty frequent by HMA2000 · · Score: 5, Interesting

    Increased security will only take us so far considering the increasing reliance of all companies on databases.

    Businesses need to quit making personal information so valuable, which means an end to instant credit. This, of course, would have some pretty far reaching implications for the hot-tub and big screen TV market but you take the good with the bad.

  5. Of course it hasn't been used yet. by Qzukk · · Score: 5, Insightful

    You'd have to be stupid to pull something like this then rush out and use the information you just got.

    Wait 8-9 years, then we'll see whose identity information is being misused when this incident is just a distant memory and people are scratching their heads over how their information "got away".

    --
    If I have been able to see further than others, it is because I bought a pair of binoculars.
  6. Re:LexisNexis Breach Worse Than Believed by Timesprout · · Score: 5, Funny

    Na, more like

    Dear clients, We got owned. We got owned in a big way. We got so owned in fact we are not sure we are sending this letter to you or to the person who stole you identity information (if you are the thief you are a very very bad person and somewhere a kitten is crying because of what you did)

    --
    Do not try to read the dupe, thats impossible. Instead, only try to realize the truth
    What truth?
    There is no dupe
  7. arrogance by netruner · · Score: 4, Informative

    I took a class in grad school on the general legal environment in engineering (mostly IP issues), but for part of our legal research, we were given access to Lexus Nexus by one of their sales reps. Part of us being given access was that we had to listen to the rep talk about the company. I questioned whether ornot the responsability of keeping such a large database with such personal info in it was a nitemarish liability, and was told by the rep that if anyone wanted to sue them "I'ts a company full of lawyers- good luck".

    --



    DISCLAIMER: This post was not checked for speling and grammar- if you complain- you're a whiner
  8. Re:Do they know more than google? by Tenareth · · Score: 4, Informative


    Their biggest database is just public records, so they have your information if you ever took out a loan, bought a house, have a drivers license, been arrested, or walked near an ATM.

    That is not what got abused, another database owned by Seisint (Only recently purchased by LexisNexis) was the target.

    It was a social engineering attack.

    --
    This sig is the express property of someone.
  9. Re:I'm really glad by amliebsch · · Score: 4, Insightful
    Most of their data content (as opposed to news articles) comes from government agencies, is in the public domain, and is just a Google search away.

    Um. Have you ever had to do any serious legal research? Having done so, let me tell you, the breadth of their content, along with its consistency in format, cross-referencing, editorial content, and user tools are way beyond anything that is freely available.

    --
    If you don't know where you are going, you will wind up somewhere else.
  10. Re:I'm really glad by The+Good+Reverend · · Score: 4, Informative

    Most of their data content (as opposed to news articles) comes from government agencies, is in the public domain, and is just a Google search away.

    That's simply not true. As someone uses Lexis-Nexis' public records and data content every day, as well as google, there's a lot of information that isn't available on the free internet. While a lot of it IS in the public domain, it's not centralized, and it's not updated, and it's not reliable. If you have some source publically and freely available, I'd love to know about it.