Data brokers didn't notify consumers of past breaches
LexisNexis, ChoicePoint execs grilled by Senate panel
IDG News Service - WASHINGTON -- Two large data brokers that recently reported data breaches potentially affecting hundreds of thousands of U.S. residents have been compromised in the past and have not notified victims, executives from the two companies told a U.S. Senate committee today.
Executives from ChoicePoint Inc. and LexisNexis, under questioning from Sen. Dianne Feinstein (D-Calif.), told the Senate Judiciary Committee that they did not report some data breaches to potential victims before a California law requiring notification went into effect in 2003.
A LexisNexis executive also told the committee that law enforcement agencies have reported 10 incidents of potential identity theft, in which new e-mail or credit-card accounts were opened, related to a recent LexisNexis breach where about 310,000 U.S. residents' records may have been compromised.
Feinstein and committee Chairman Arlen Specter (R-Pa.) questioned the two companies' efforts to notify victims during recently announced breaches of their multibillion-record databases. The companies' databases contain personal information such as driver's license numbers and Social Security numbers.
Specter demanded that LexisNexis provide a detailed explanation in writing of why the company took until Tuesday to announce that 280,000 more U.S. residents may be victims of a recent breach, up from the 32,000 people the company identified in early March (See story). LexisNexis began investigating the breach at its Seisint division, which occurred when thieves gained access to legitimate database passwords in February, said Kurt Sanford, president and CEO of U.S. corporate and federal markets for LexisNexis.
"Didn't you know about the breach in February?" Specter asked.
"I didn't know what I had until I did an investigation, Senator," Sanford answered.
Sanford didn't give an exact number, but he did say the company had some breaches it didn't report to potential victims before the California notification law went into effect. LexisNexis has uncovered 59 breaches, some dating back to early 2003, through the investigation started in February, Sanford said.
Victims of the LexisNexis breaches will get free credit report and credit monitoring services, free credit counseling services and free identity theft insurance, Sanford said. "We will begin notifying those individuals immediately," he said.
In at least one case in 2001, ChoicePoint did not report a breach to victims because it was not told of the focus of a law enforcement investigation that uncovered the compromise, said Douglas Curling, president and chief operating officer of ChoicePoint.
"If it weren't for the California law, we would have no way of knowing the breaches that have occurred," Feinstein responded.
ChoicePoint has found 45 to 50 data breaches, mostly related to a scam it announced this year, Curling said. In
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Is Your Big Data Solution Production-Ready? Read "Is Your Big Data Solution Production-Ready?" now, and discover best practices and actionable steps to implementing a production-ready big data solution.
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Simplify and Consolidate Data Protection for Better Business Results Learn about IBM® Tivoli® Storage Manager Operations Center, which provides advanced visualization, built-in analytics and integrated workflow automation features that leapfrog traditional backup...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have. All Privacy White Papers | Webcasts