Feeds

Right of Reply: LexisNexis

Response to our recent article on database breaches

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

It's official: ChoicePoint, LexisNexis rooted many times

Washington Correspondent Thomas Greene's recent story, "It's official: ChoicePoint, LexisNexis rooted many times" (April 13, 2005) alleges that LexisNexis "covered up" previous database breaches because there was as yet no law requiring that individuals be notified. The story contains a number of substantial inaccuracies and Mr. Greene's interpretation of the events seem designed to imply something sinister was afoot, rather than report the facts.

These facts are reflected in the written and oral testimony before U.S. Senate hearing mentioned in the story and contained in a public statement by Reed Elsevier, which is the parent company of LexisNexis and publicly listed. It's appropriate to set the record straight so that anyone who read the information in your report knows the truth.

First, "a cover up" cannot occur if a company is unaware of the very incidents it is alleged to have covered up. Nor is there a "cover up"; if the incidents discovered are announced publicly and voluntarily within a matter of weeks of identifying and confirming the events occurred.

On March 9, 2005, Reed Elsevier, announced that a review of our recently acquired Seisint unit revealed in February 2005 (not February 2004 as reported by Mr. Greene) some incidents of potentially fraudulent access to information about U.S. individuals. In response, LexisNexis notified approximately 30,000 individuals in March 2005 that their information may have been fraudulently accessed and the company is providing them with services, at no charge to them, to monitor for and prevent identity theft.

Also on March 9, Reed Elsevier publicly indicated LexisNexis was going to continue its review "to determine the extent of any other incidents" in Seisint business.

On April 11, LexisNexis and Reed Elsevier issued a statement that it had completed its review of search activity going back to January 2003. It had found that unauthorized persons, primarily using IDs and passwords of legitimate Seisint customers, may have acquired personal-identifying information of 280,000 individuals in the U.S. in other incidents over the prior two years. LexisNexis has begun notifying these individuals.

In my testimony I acknowledged some of these incidents pre-dated the California statute (which went into effect July 2003) reported in the story. Therefore, the information that Mr. Greene believes was "covered up" by LexisNexis at some point in the distant past was not in fact known by LexisNexis until the review of the last several weeks. LexisNexis acquired Seisint in September 2004.

Finally, Mr. Greene writes, "Unfortunately, when no California residents are affected by such an incident, the public has no guarantee that the truth will emerge." However, the record should reflect that LexisNexis indicated in March 2005 that we would notify individuals in all U.S. states even though there are no statutes requiring this.

It's difficult to see how Mr. Greene's interpretation of these events could possibly be correct or how he got so many things so wrong in his story. In fact, his false characterization of LexisNexis as dishonest is libelous per se.

Finally, let me add that though we have only recently purchased Seisint, as its new owners, we accept that it is our responsibility to address any questions about its security. We are doing so swiftly and decisively to prevent any future incidents.

The Register observes the Press Complaints Commission Code of Practice. If you want an opportunity for reply to inaccuracies, please contact Drew Cullen

Intelligent flash storage arrays

More from The Register

next story
Holy vintage vehicles! Earliest known official Batmobile goes on sale
Riddle me this: are you prepared to pay US$180k?
'Open source just means big companies can steal your code.' O RLY?
Plus: Flame of the Week returns, for one night only!
Bible THUMP: Good Book beats Darwin to most influential tome title
Folio Society crowns fittest of surviving volumes
Microsoft to bring back beloved 1990s super-hit BATTLETOADS!?*
* Or maybe not. It is just a trademark filing, after all
U wot? Silicon Roundabout set to become Silicon U-BEND
Crap-spouting London upstarts to get permanent road closure
Hey, you, PHONE-FACE! Kickstarter in-car mobe mount will EMBED your phone into your MUG
Stick it on the steering wheel and wait for the airbag to fire
NEWSFLASH: It's time to ditch dullard Facebook chums
Everything hot in tech, courtesy of avian anchor Regina Eggbert
Fire fighters call for no-drone zone around bushfires
UAVs can take down water-spaffing 'copters, so firies want them to butt out
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.