Complain about a product or service

Previous Data Thefts Unreported

ChoicePoint, LexisNexis Didn't Notify Consumers About Earlier Breeches

April 14, 2005
Evidence continues to mount that personal information on millions of Americans, stored in massive computer databases, is not only at risk, but that much of it may have already been stolen. The latest revelation has rocked LexisNexis, which now concedes that cyber-criminals have been rifling its files for at least three years, with consumers blissfully in the dark.

ChoicePoint • Lexis-Nexis Parent To Buy ChoicePoint • ChoicePoint Settles Data Breach Lawsuit • More ChoicePoint Identity Theft Victims Identified • ChoicePoint Settles With Attorneys General Over Data Breach • FTC Finally Sets Up Redress For ChoicePoint Victims • ChoicePoint Names a "Consumer Advocate" • FTC Fails To Pay Victims Of ChoicePoint Data Breach • ChoicePoint Gets a Makeover • Data Blunders Cost ChoicePoint $15 Million • Guilty Plea in ChoicePoint Data Theft • ChoicePoint Finds More Cases Of Illegal Data Access • ChoicePoint Responds • PATRIOT Act Further Empowers ChoicePoint • Previous Data Thefts Went Unreported • Consumers Will Be Able to See Their ChoicePoint Records, Company Says • Nigerian Sentenced to Prison in ChoicePoint Theft • State Tally of ChoicePoint Victims • ChoicePoint Breach Worse Than First Reported • Is National Security Compromised by ID Theft? • States Demand ChoicePoint Notify ID Theft Victims • Private Information Stolen from Nationwide Consumer Database

A LexisNexis executive, testifying before a Congressional committee this week, said there has been at least one data break-in that was never reported to the public. Earlier, the data management firm revised its estimate of the number of compromised computer files from 32,000 to 310,000.

ChoicePoint Inc. conceded under questioning that it too suffered breaches before passage of a California law in 2003 that requires companies doing business in the state to notify consumers that their data might be at risk, officials said.

Since they were not legally obligated to do so, the companies chose not to alert the public in those cases.

The Electronic Privacy Information Center, a Washington-based privacy watchdog, has renewed its call for federal regulation of data brokers, saying there is too much secrecy surrounding their practices and too little accountability. EPIC said in the LexisNexis case, databases had been fraudulently breached 59 times using stolen passwords, allowing access to addresses, Social Security numbers, and other sensitive information.

Sen. Dianne Feinstein (D-Calif.) has sponsored a bill that would establish a national notification law, similar to the state law already in effect in California. She has introduced similar bills several times in past sessions, with no success.

More than 20 states are studying California's statute and considering enacting similar legislation.

Kurt Sanford, LexisNexis President and CEO for U.S. Corporate and Federal Markets, told Congress that an earlier, unreported break-in occurred prior to 2003. He did not give details or estimate how many personal files might have been compromised.

The issue of consumer privacy and data brokers took center stage earlier this year when Georgia-based ChoicePoint revealed that data thieves had used phony accounts to access the most sensitive financial information on hundreds of thousands of consumers nationwide. Officials at EPIC say the issue is not security, but privacy.

In testimony to the California Senate Banking Committee, EPIC West director Chris Hoofnagle argued that even if commercial data brokers could securely sell personal information, that would not address the underlying issue of whether the information should be sold in the first place. EPIC urged California lawmakers to act quickly to limit commercial data brokers' collection and sale of personal information.

Report Your Experience
If you've had a bad experience -- or a good one -- with a consumer product or service, we'd like to hear about it. All complaints are reviewed by class action attorneys and are considered for publication on our site. Knowledge is power! Help spread the word. File your consumer report now.

Back to the top |