LexisNexis Breach Worse Than Believed

Rollie Hawk writes "Worldwide law and news sifter LexisNexis has some bad news of its own this time. Actually, "bad" might sharply understate the situation. More than a month after disclosing information on a database breach that led to 32,000 customer IDs being stolen, the results of an internal review showed that in fact the damage was nearly ten times worse than previously thought. LexisNexis is already "offering free support services, including credit bureau reports, credit monitoring for one year and fraud insurance" to the nearly 300,000 additional victims it will soon be contacting, according to a Reed Elsevier statement to the Regulatory News Service. So far, no identity thefts have been reported by earlier victims, at least some of whom had private information such as addresses and Social Security numbers unwittingly divulged."

Social Engineering

[TripMaster+Monkey]

From the article:

The thieves, who obtained information including addresses and Social Security numbers, did not hack into the computer system. Instead, they were able to fool the company into giving out password information, CNN reported.

Your network's security is inversely proportional to your users' gullibility.

Re:Social Engineering

[ShaniaTwain]

but to be fair, maybe they offered them chocolate for all that personal information.

who can resist chocolate?

Why?

[i.r.id10t]

Why on earth would lexisnexis (or any other site providing a service) need a customer's SSN? Ok, some tax sites I can understand if you are electronically filing, but for anything else?

Re:Why?

[The+Good+Reverend]

Do you know what Lexis Nexis does? Among many other things, they provide personal information, including names, addresses, phone numbers, and state/federal public records (bankruptcies, mortgage records, court filings, etc.). Many of these records have social security numbers associated with them, just like they do if you go to your county hall of records.

Customers didn't have their SSNs stolen, some people with records in the system (which includes everyone in the US) did. While I think this really is bad, you'd be amazed who already has your SSN, your address history, and all sorts of other personal information. It's not hard to get.

Man...

[Bananatree3]

Just when I thought it was safe to come out of my concrete bunker, I see 300,000 people's identities stolen. [puts tin foil hat back on, slams steel door]

These identity theft notices are pretty frequent

[HMA2000]

Increased security will only take us so far considering the increasing reliance of all companies on databases.

Businesses need to quit making personal information so valuable, which means an end to instant credit. This, of course, would have some pretty far reaching implications for the hot-tub and big screen TV market but you take the good with the bad.

Of course it hasn't been used yet.

[Qzukk]

You'd have to be stupid to pull something like this then rush out and use the information you just got.

Wait 8-9 years, then we'll see whose identity information is being misused when this incident is just a distant memory and people are scratching their heads over how their information "got away".

Re:LexisNexis Breach Worse Than Believed

[Timesprout]

Na, more like

Dear clients, We got owned. We got owned in a big way. We got so owned in fact we are not sure we are sending this letter to you or to the person who stole you identity information (if you are the thief you are a very very bad person and somewhere a kitten is crying because of what you did)