LexisNexis Suddenly Notices Massive Data Security Breaches Everywhere They Look
from the oh,-look,-there's-another-one! dept
Funny how once the media attention for the various computer security break-ins started receiving attention, the various firms who were caught handing out your private data suddenly noticed that they’d actually been leaking data all along. Choicepoint, which was the first big one to admit a problem, later found a history of leaked data. It appears they’re not alone. LexisNexis, whose Seisant subsidiary wasn’t particularly careful in how it kept all that data about you that you didn’t realize they had (much of it, probably wrong), decided that maybe it would be a smart move to look over some past transactions to see if this data leakage was a new problem. Turns out that it wasn’t. LexisNexis is now admitting that they found not one or two more cases, but fifty-nine cases where their security was breached, opening up access to all sorts of private data (this is one of the databases the government likes to use to build profiles on people). The company is sending out letters to 280,000 people to let them know that they may have to spend the rest of their lives carefully scanning credit reports to make sure the company’s own negligence didn’t result in identity theft. Meanwhile, everyone’s still being told that, basically, there’s nothing they can do against any of these firms that didn’t seem to care about your privacy at all.
Comments on “LexisNexis Suddenly Notices Massive Data Security Breaches Everywhere They Look”
What if dead people come back to life?
If that’s a problem in the record keeping world, imagine the problems in the educational world when a survey of schoolchildren showed that 15% of them thought that dead people can come back to life. The Ministry of Education has issued new reading materials for schoolkids to understand that dead people don’t come back.
http://headlines.yahoo.co.jp/hl?a=20050412-00000182-kyodo-soci
according to Netcraft
they run Windoze & IIS
You do have recourse....
You probably do have a recourse against these companies, but it’s going to take a really good lawyer, and most likely a class action, to pull it off.
IANAL, but it sure seems to me like these companies (let’s take ChoicePoint) have a responsibility to prevent fraud and criminal activity. If, by virtue of their low standards, they are facilitating criminal behavior, such as identify theft, then they really should be part of the crime — in a manner similar to the bartender who allows a customer to get totally soused and then drive home.
As a person who has been wronged by the John Doe criminals, you should be able to go after the company that facilitated their crime by lack of diligence.
How about going after them for libel? If they have published incorrect information about your financial status, that could cause you undue stress and duress, and irreparably taint your image.
Or, go after them under Federal law: the SSN is not to be used as a means of identification by anyone except the federal gov’t (that’s codified in the US Code).
Re: You do have recourse....
Libel ? The information is not published, it is not subject to FCRA and you obviously have very little understanding of the law, or just plain cant read, try again .
Re: Re: You do have recourse....
> FCRA and you obviously have very little understanding of the law,
Duh, can’t *you* read? I specifically stated IANAL.
But, for the record, the inforamtion definitely *IS* published, every single time someone gets any information on you, it’s published.
Re: Re: Re: You do have recourse....
IANAL always precedes a legal opinion, you can leave that out because when I read your statement it shows YANAL
Re: Re: Re:2 You do have recourse....
It sounds like this Chris poster is one of bad guys. 😀 Flames on Techdirt.
Recourse in the Courts
The assumption that there’s no recourse probably only exists because this problem is so new and few courts have addressed it yet. But courts in at least two states have and they found that holders of sensitive data have a responsibility to protect the subjects of the data. A case in Michigan is directly on point: a union’s leak of data to identity fraudsters made it responsible to the union members whose data they leaked. More on this, and the failure of regulation to create security, is in a piece I wrote here.
Data Leak
Dont blame the data companies for ID theft, blame the companies who issue credit. You are shooting the messenger!!!!!!!!
Re: Data Leak
If I understand you correctly, identity theft is the fault of the credit card companies because they gave credit to a fraudster?
I think not. The credit card company is often also a victim: the fraudster has produced all the correct information to obtain a credit card. How can you blame a company for issuing credit when they have been presetned with 100% valid identification? (Now, the credit card companies are guilty of a host of sins, such as giving credit to people who probably won’t pay and then getting the bankruptcy laws changed so are first in line to collect money after personal bankruptcy is declared, but I don’t hold them directly responsible for this.).
The credit card companies sure could make it harder to use physically stolen cards, but that’s a different issue altogether.
The real fault lies in the data repositories, since they are not safeguarding the information, they should be held liable.
Re: Re: Lawyers rejoice !
I SMELL A BIG FAT CLASS ACTION SUIT ….
Re: Re: Data Leak
Why oh why can’t you understand this situation. Believe it or not the companies who issue credit have obligations for users of data under FCRA!! The credit card companies cry victim only after NOT meeting FCRA requirements and following guide lines.
Make it worthless
If you can’t opt-out and can’t afford to sue the bastards, the only solution left is to make your credit score worthless. If your identity has no value, no one will steal it.
A mailing the other day “If you have a 500+ credit score, you can get a home loan” and a 590 credit score means 21% of the US population has a lower score backs the idea that the lenders are outta control and shows how low your score has got to be to get turned down.
Unlike some companies who have been lax with their data protection practices, I think that Lexis has a real onus on them to provide security. Not only do they receive plenty of money for their service, they are handling some very important data. Let’s hope this scare straightens them out a bit.
Ooh
I’d love to get a full dump of their database. Best fullz ever 😀