LexisNexis Suddenly Notices Massive Data Security Breaches Everywhere They Look

from the oh,-look,-there's-another-one! dept

Funny how once the media attention for the various computer security break-ins started receiving attention, the various firms who were caught handing out your private data suddenly noticed that they’d actually been leaking data all along. Choicepoint, which was the first big one to admit a problem, later found a history of leaked data. It appears they’re not alone. LexisNexis, whose Seisant subsidiary wasn’t particularly careful in how it kept all that data about you that you didn’t realize they had (much of it, probably wrong), decided that maybe it would be a smart move to look over some past transactions to see if this data leakage was a new problem. Turns out that it wasn’t. LexisNexis is now admitting that they found not one or two more cases, but fifty-nine cases where their security was breached, opening up access to all sorts of private data (this is one of the databases the government likes to use to build profiles on people). The company is sending out letters to 280,000 people to let them know that they may have to spend the rest of their lives carefully scanning credit reports to make sure the company’s own negligence didn’t result in identity theft. Meanwhile, everyone’s still being told that, basically, there’s nothing they can do against any of these firms that didn’t seem to care about your privacy at all.

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “LexisNexis Suddenly Notices Massive Data Security Breaches Everywhere They Look”

Subscribe: RSS Leave a comment
dorpus says:

What if dead people come back to life?

If that’s a problem in the record keeping world, imagine the problems in the educational world when a survey of schoolchildren showed that 15% of them thought that dead people can come back to life. The Ministry of Education has issued new reading materials for schoolkids to understand that dead people don’t come back.


Commander Oberon says:

You do have recourse....

You probably do have a recourse against these companies, but it’s going to take a really good lawyer, and most likely a class action, to pull it off.

IANAL, but it sure seems to me like these companies (let’s take ChoicePoint) have a responsibility to prevent fraud and criminal activity. If, by virtue of their low standards, they are facilitating criminal behavior, such as identify theft, then they really should be part of the crime — in a manner similar to the bartender who allows a customer to get totally soused and then drive home.

As a person who has been wronged by the John Doe criminals, you should be able to go after the company that facilitated their crime by lack of diligence.

How about going after them for libel? If they have published incorrect information about your financial status, that could cause you undue stress and duress, and irreparably taint your image.

Or, go after them under Federal law: the SSN is not to be used as a means of identification by anyone except the federal gov’t (that’s codified in the US Code).

Jim Harper says:

Recourse in the Courts

The assumption that there’s no recourse probably only exists because this problem is so new and few courts have addressed it yet. But courts in at least two states have and they found that holders of sensitive data have a responsibility to protect the subjects of the data. A case in Michigan is directly on point: a union’s leak of data to identity fraudsters made it responsible to the union members whose data they leaked. More on this, and the failure of regulation to create security, is in a piece I wrote here.

Commander Oberon says:

Re: Data Leak

If I understand you correctly, identity theft is the fault of the credit card companies because they gave credit to a fraudster?

I think not. The credit card company is often also a victim: the fraudster has produced all the correct information to obtain a credit card. How can you blame a company for issuing credit when they have been presetned with 100% valid identification? (Now, the credit card companies are guilty of a host of sins, such as giving credit to people who probably won’t pay and then getting the bankruptcy laws changed so are first in line to collect money after personal bankruptcy is declared, but I don’t hold them directly responsible for this.).

The credit card companies sure could make it harder to use physically stolen cards, but that’s a different issue altogether.

The real fault lies in the data repositories, since they are not safeguarding the information, they should be held liable.

Anonymous Coward says:

Make it worthless

If you can’t opt-out and can’t afford to sue the bastards, the only solution left is to make your credit score worthless. If your identity has no value, no one will steal it.

A mailing the other day “If you have a 500+ credit score, you can get a home loan” and a 590 credit score means 21% of the US population has a lower score backs the idea that the lenders are outta control and shows how low your score has got to be to get turned down.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...