The Zen Of Button Mashing
More 3G Interoperability With Japan

LexisNexis Suddenly Notices Massive Data Security Breaches Everywhere They Look

(Mis)Uses of Technology

from the oh,-look,-there's-another-one! dept

Tue, Apr 12th 2005 3:19amMike Masnick
Funny how once the media attention for the various computer security break-ins started receiving attention, the various firms who were caught handing out your private data suddenly noticed that they'd actually been leaking data all along. Choicepoint, which was the first big one to admit a problem, later found a history of leaked data. It appears they're not alone. LexisNexis, whose Seisant subsidiary wasn't particularly careful in how it kept all that data about you that you didn't realize they had (much of it, probably wrong), decided that maybe it would be a smart move to look over some past transactions to see if this data leakage was a new problem. Turns out that it wasn't. LexisNexis is now admitting that they found not one or two more cases, but fifty-nine cases where their security was breached, opening up access to all sorts of private data (this is one of the databases the government likes to use to build profiles on people). The company is sending out letters to 280,000 people to let them know that they may have to spend the rest of their lives carefully scanning credit reports to make sure the company's own negligence didn't result in identity theft. Meanwhile, everyone's still being told that, basically, there's nothing they can do against any of these firms that didn't seem to care about your privacy at all.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

15 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    dorpus, 12 Apr 2005 @ 4:14am

    What if dead people come back to life?

    If that's a problem in the record keeping world, imagine the problems in the educational world when a survey of schoolchildren showed that 15% of them thought that dead people can come back to life. The Ministry of Education has issued new reading materials for schoolkids to understand that dead people don't come back.

    http://headlines.yahoo.co.jp/hl?a=20050412-00000182-kyodo-soci

    link to this | view in chronology ]

  • identicon
    LIndsay, 12 Apr 2005 @ 4:51am

    according to Netcraft

    they run Windoze & IIS

    link to this | view in chronology ]

  • identicon
    Commander Oberon, 12 Apr 2005 @ 6:13am

    You do have recourse....

    You probably do have a recourse against these companies, but it's going to take a really good lawyer, and most likely a class action, to pull it off.

    IANAL, but it sure seems to me like these companies (let's take ChoicePoint) have a responsibility to prevent fraud and criminal activity. If, by virtue of their low standards, they are facilitating criminal behavior, such as identify theft, then they really should be part of the crime -- in a manner similar to the bartender who allows a customer to get totally soused and then drive home.

    As a person who has been wronged by the John Doe criminals, you should be able to go after the company that facilitated their crime by lack of diligence.

    How about going after them for libel? If they have published incorrect information about your financial status, that could cause you undue stress and duress, and irreparably taint your image.

    Or, go after them under Federal law: the SSN is not to be used as a means of identification by anyone except the federal gov't (that's codified in the US Code).

    link to this | view in chronology ]

    • identicon
      chris, 12 Apr 2005 @ 10:07am

      Re: You do have recourse....

      Libel ? The information is not published, it is not subject to FCRA and you obviously have very little understanding of the law, or just plain cant read, try again .

      link to this | view in chronology ]

      • identicon
        Commander Oberon, 12 Apr 2005 @ 10:13am

        Re: You do have recourse....

        > FCRA and you obviously have very little understanding of the law,< br>
        Duh, can't *you* read? I specifically stated IANAL.

        But, for the record, the inforamtion definitely *IS* published, every single time someone gets any information on you, it's published.

        link to this | view in chronology ]

        • identicon
          chris, 12 Apr 2005 @ 10:21am

          Re: You do have recourse....

          IANAL always precedes a legal opinion, you can leave that out because when I read your statement it shows YANAL

          link to this | view in chronology ]

          • identicon
            Anonymous Coward, 12 Apr 2005 @ 12:06pm

            Re: You do have recourse....

            It sounds like this Chris poster is one of bad guys. :-D Flames on Techdirt.

            link to this | view in chronology ]

  • identicon
    Jim Harper, 12 Apr 2005 @ 7:19am

    Recourse in the Courts

    The assumption that there's no recourse probably only exists because this problem is so new and few courts have addressed it yet. But courts in at least two states have and they found that holders of sensitive data have a responsibility to protect the subjects of the data. A case in Michigan is directly on point: a union's leak of data to identity fraudsters made it responsible to the union members whose data they leaked. More on this, and the failure of regulation to create security, is in a piece I wrote here.

    link to this | view in chronology ]

  • identicon
    chris, 12 Apr 2005 @ 7:39am

    Data Leak

    Dont blame the data companies for ID theft, blame the companies who issue credit. You are shooting the messenger!!!!!!!!

    link to this | view in chronology ]

    • identicon
      Commander Oberon, 12 Apr 2005 @ 8:05am

      Re: Data Leak

      If I understand you correctly, identity theft is the fault of the credit card companies because they gave credit to a fraudster?

      I think not. The credit card company is often also a victim: the fraudster has produced all the correct information to obtain a credit card. How can you blame a company for issuing credit when they have been presetned with 100% valid identification? (Now, the credit card companies are guilty of a host of sins, such as giving credit to people who probably won't pay and then getting the bankruptcy laws changed so are first in line to collect money after personal bankruptcy is declared, but I don't hold them directly responsible for this.).

      The credit card companies sure could make it harder to use physically stolen cards, but that's a different issue altogether.

      The real fault lies in the data repositories, since they are not safeguarding the information, they should be held liable.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 12 Apr 2005 @ 8:58am

        Lawyers rejoice !



        I SMELL A BIG FAT CLASS ACTION SUIT ....

        link to this | view in chronology ]

      • identicon
        chris, 12 Apr 2005 @ 10:14am

        Re: Data Leak

        Why oh why can't you understand this situation. Believe it or not the companies who issue credit have obligations for users of data under FCRA!! The credit card companies cry victim only after NOT meeting FCRA requirements and following guide lines.

        link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Apr 2005 @ 10:22am

    Make it worthless

    If you can't opt-out and can't afford to sue the bastards, the only solution left is to make your credit score worthless. If your identity has no value, no one will steal it.

    A mailing the other day "If you have a 500+ credit score, you can get a home loan" and a 590 credit score means 21% of the US population has a lower score backs the idea that the lenders are outta control and shows how low your score has got to be to get turned down.



    link to this | view in chronology ]

  • identicon
    Kris, 14 Dec 2009 @ 8:50am

    Unlike some companies who have been lax with their data protection practices, I think that Lexis has a real onus on them to provide security. Not only do they receive plenty of money for their service, they are handling some very important data. Let's hope this scare straightens them out a bit.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 6 Feb 2015 @ 11:25pm

    Ooh

    I'd love to get a full dump of their database. Best fullz ever :D

    link to this | view in chronology ]


The Zen Of Button Mashing
More 3G Interoperability With Japan
Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

Friday

19:39 Important Announcement: Techdirt Is Migrating To A New Platform (0)
More arrow

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.