When Everything Is Computerized... Everything... >>
<< The Zen Of Button Mashing
 tdicon 

(Mis)Uses of Technology

by Mike Masnick

Tue, Apr 12th 2005 3:19am





LexisNexis Suddenly Notices Massive Data Security Breaches Everywhere They Look

from the oh,-look,-there's-another-one! dept

Funny how once the media attention for the various computer security break-ins started receiving attention, the various firms who were caught handing out your private data suddenly noticed that they'd actually been leaking data all along. Choicepoint, which was the first big one to admit a problem, later found a history of leaked data. It appears they're not alone. LexisNexis, whose Seisant subsidiary wasn't particularly careful in how it kept all that data about you that you didn't realize they had (much of it, probably wrong), decided that maybe it would be a smart move to look over some past transactions to see if this data leakage was a new problem. Turns out that it wasn't. LexisNexis is now admitting that they found not one or two more cases, but fifty-nine cases where their security was breached, opening up access to all sorts of private data (this is one of the databases the government likes to use to build profiles on people). The company is sending out letters to 280,000 people to let them know that they may have to spend the rest of their lives carefully scanning credit reports to make sure the company's own negligence didn't result in identity theft. Meanwhile, everyone's still being told that, basically, there's nothing they can do against any of these firms that didn't seem to care about your privacy at all.

14 Comments | Leave a Comment

If you liked this post, you may also be interested in...

Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    dorpus, Apr 12th, 2005 @ 4:14am

    What if dead people come back to life?

    If that's a problem in the record keeping world, imagine the problems in the educational world when a survey of schoolchildren showed that 15% of them thought that dead people can come back to life. The Ministry of Education has issued new reading materials for schoolkids to understand that dead people don't come back.

    http://headlines.yahoo.co.jp/hl?a=20050412-00000182-kyodo-soci

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    LIndsay, Apr 12th, 2005 @ 4:51am

    according to Netcraft

    they run Windoze & IIS

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Commander Oberon, Apr 12th, 2005 @ 6:13am

    You do have recourse....

    You probably do have a recourse against these companies, but it's going to take a really good lawyer, and most likely a class action, to pull it off.

    IANAL, but it sure seems to me like these companies (let's take ChoicePoint) have a responsibility to prevent fraud and criminal activity. If, by virtue of their low standards, they are facilitating criminal behavior, such as identify theft, then they really should be part of the crime -- in a manner similar to the bartender who allows a customer to get totally soused and then drive home.

    As a person who has been wronged by the John Doe criminals, you should be able to go after the company that facilitated their crime by lack of diligence.

    How about going after them for libel? If they have published incorrect information about your financial status, that could cause you undue stress and duress, and irreparably taint your image.

    Or, go after them under Federal law: the SSN is not to be used as a means of identification by anyone except the federal gov't (that's codified in the US Code).

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    Jim Harper, Apr 12th, 2005 @ 7:19am

    Recourse in the Courts

    The assumption that there's no recourse probably only exists because this problem is so new and few courts have addressed it yet. But courts in at least two states have and they found that holders of sensitive data have a responsibility to protect the subjects of the data. A case in Michigan is directly on point: a union's leak of data to identity fraudsters made it responsible to the union members whose data they leaked. More on this, and the failure of regulation to create security, is in a piece I wrote here.

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    chris, Apr 12th, 2005 @ 7:39am

    Data Leak

    Dont blame the data companies for ID theft, blame the companies who issue credit. You are shooting the messenger!!!!!!!!

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Commander Oberon, Apr 12th, 2005 @ 8:05am

    Re: Data Leak

    If I understand you correctly, identity theft is the fault of the credit card companies because they gave credit to a fraudster?

    I think not. The credit card company is often also a victim: the fraudster has produced all the correct information to obtain a credit card. How can you blame a company for issuing credit when they have been presetned with 100% valid identification? (Now, the credit card companies are guilty of a host of sins, such as giving credit to people who probably won't pay and then getting the bankruptcy laws changed so are first in line to collect money after personal bankruptcy is declared, but I don't hold them directly responsible for this.).

    The credit card companies sure could make it harder to use physically stolen cards, but that's a different issue altogether.

    The real fault lies in the data repositories, since they are not safeguarding the information, they should be held liable.

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    Anonymous Coward, Apr 12th, 2005 @ 8:58am

    Lawyers rejoice !



    I SMELL A BIG FAT CLASS ACTION SUIT ....

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    chris, Apr 12th, 2005 @ 10:07am

    Re: You do have recourse....

    Libel ? The information is not published, it is not subject to FCRA and you obviously have very little understanding of the law, or just plain cant read, try again .

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    Commander Oberon, Apr 12th, 2005 @ 10:13am

    Re: You do have recourse....

    > FCRA and you obviously have very little understanding of the law,< br>
    Duh, can't *you* read? I specifically stated IANAL.

    But, for the record, the inforamtion definitely *IS* published, every single time someone gets any information on you, it's published.

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    chris, Apr 12th, 2005 @ 10:14am

    Re: Data Leak

    Why oh why can't you understand this situation. Believe it or not the companies who issue credit have obligations for users of data under FCRA!! The credit card companies cry victim only after NOT meeting FCRA requirements and following guide lines.

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    chris, Apr 12th, 2005 @ 10:21am

    Re: You do have recourse....

    IANAL always precedes a legal opinion, you can leave that out because when I read your statement it shows YANAL

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    Anonymous Coward, Apr 12th, 2005 @ 12:06pm

    Re: You do have recourse....

    It sounds like this Chris poster is one of bad guys. :-D Flames on Techdirt.

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    Anonymous Coward, Apr 13th, 2005 @ 10:22am

    Make it worthless

    If you can't opt-out and can't afford to sue the bastards, the only solution left is to make your credit score worthless. If your identity has no value, no one will steal it.

    A mailing the other day "If you have a 500+ credit score, you can get a home loan" and a 590 credit score means 21% of the US population has a lower score backs the idea that the lenders are outta control and shows how low your score has got to be to get turned down.



     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    Kris, Dec 14th, 2009 @ 8:50am

    Unlike some companies who have been lax with their data protection practices, I think that Lexis has a real onus on them to provide security. Not only do they receive plenty of money for their service, they are handling some very important data. Let's hope this scare straightens them out a bit.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
When Everything Is Computerized... Everything... >>
<< The Zen Of Button Mashing
 tdicon 
Follow Techdirt
Flattr rss rss
A word from our Sponsors...
Sponsored Resource
Essential Reading
Techdirt Reading List
Techdirt Insider Chat

A word from our Sponsors...
Recent Stories

Friday

7:39pm: In Defense Of Digital Freedom: It's Time To Get Beyond 'Cyber' Hyperbole (2)
6:40pm: Xbox One Release: Tons Of Questions, Very Few Answers (44)
5:37pm: Think DOJ Spying On Reporters Was 'Unprecedented'? Think Again (5)
5:00pm: DailyDirt: DIY Soda (Pop Or Whatever You Call Carbonated Beverages) (3)
3:51pm: Petition Asks Obama To Support Treaty For The Blind, Rather Than Siding With Hollywood (13)
2:46pm: Fair Use For Me, But Not For Thee (24)
1:45pm: Another Court Tells Prenda To Pay Up On Attorneys Fees (20)
12:45pm: If You Thought Copyright Was A Mess On Earth, What Does It Look Like In Space? (23)
11:45am: Guy Sues Twitter For Taking Away His Twitter Handle (12)
10:40am: Copyright... Patent... It's All The Same To The World's Third-Largest News Agency (56)
More arrow
A word from our Sponsors...

Close

Email This