Personal Info of 32,000 Accessed in LexisNexis Breach

Last Wednesday, the parent company of LexisNexis announced that information on approximately 32,000 individuals in the company's databases may have been fraudulently accessed.

According to a statement issued by the company, the incidents arose from the misappropriation of customers' passwords and user Ids by third parties. The information accessed includes names, addresses, social security and drivers' license numbers, but not credit history, medical records or financial information, the company said.

The incidents of unauthorized access were identified as part of an ongoing extensive review of the verification, authorization and security procedures and policies across the risk management businesses. LexisNexis has accelerated this review to determine the extent of any other incidents.

The company has posted a breakdown of the estimated number of people affected in each of the 50 states, the District of Columbia and the armed forces on its Web site, and begun notifying individuals who may have had their personal information accessed.

This incident and a rash of others like it prompted a hearing by the Senate Committee on Banking, Housing and Urban Affairs on the security of personal information that was held earlier this week. In addition, U.S. Senator Bill Nelson is working on amendments to the Fair Credit Reporting Act (FCRA) that would strengthen regulation of data brokers, such as ChoicePoint and LexisNexis.