Feeds

Right of Reply: LexisNexis

Response to our recent article on database breaches

  • alert
  • submit to reddit

Eight steps to building an HP BladeSystem

It's official: ChoicePoint, LexisNexis rooted many times

Washington Correspondent Thomas Greene's recent story, "It's official: ChoicePoint, LexisNexis rooted many times" (April 13, 2005) alleges that LexisNexis "covered up" previous database breaches because there was as yet no law requiring that individuals be notified. The story contains a number of substantial inaccuracies and Mr. Greene's interpretation of the events seem designed to imply something sinister was afoot, rather than report the facts.

These facts are reflected in the written and oral testimony before U.S. Senate hearing mentioned in the story and contained in a public statement by Reed Elsevier, which is the parent company of LexisNexis and publicly listed. It's appropriate to set the record straight so that anyone who read the information in your report knows the truth.

First, "a cover up" cannot occur if a company is unaware of the very incidents it is alleged to have covered up. Nor is there a "cover up"; if the incidents discovered are announced publicly and voluntarily within a matter of weeks of identifying and confirming the events occurred.

On March 9, 2005, Reed Elsevier, announced that a review of our recently acquired Seisint unit revealed in February 2005 (not February 2004 as reported by Mr. Greene) some incidents of potentially fraudulent access to information about U.S. individuals. In response, LexisNexis notified approximately 30,000 individuals in March 2005 that their information may have been fraudulently accessed and the company is providing them with services, at no charge to them, to monitor for and prevent identity theft.

Also on March 9, Reed Elsevier publicly indicated LexisNexis was going to continue its review "to determine the extent of any other incidents" in Seisint business.

On April 11, LexisNexis and Reed Elsevier issued a statement that it had completed its review of search activity going back to January 2003. It had found that unauthorized persons, primarily using IDs and passwords of legitimate Seisint customers, may have acquired personal-identifying information of 280,000 individuals in the U.S. in other incidents over the prior two years. LexisNexis has begun notifying these individuals.

In my testimony I acknowledged some of these incidents pre-dated the California statute (which went into effect July 2003) reported in the story. Therefore, the information that Mr. Greene believes was "covered up" by LexisNexis at some point in the distant past was not in fact known by LexisNexis until the review of the last several weeks. LexisNexis acquired Seisint in September 2004.

Finally, Mr. Greene writes, "Unfortunately, when no California residents are affected by such an incident, the public has no guarantee that the truth will emerge." However, the record should reflect that LexisNexis indicated in March 2005 that we would notify individuals in all U.S. states even though there are no statutes requiring this.

It's difficult to see how Mr. Greene's interpretation of these events could possibly be correct or how he got so many things so wrong in his story. In fact, his false characterization of LexisNexis as dishonest is libelous per se.

Finally, let me add that though we have only recently purchased Seisint, as its new owners, we accept that it is our responsibility to address any questions about its security. We are doing so swiftly and decisively to prevent any future incidents.

The Register observes the Press Complaints Commission Code of Practice. If you want an opportunity for reply to inaccuracies, please contact Drew Cullen

Reducing security risks from open source software

More from The Register

next story
Delaware pair nabbed for getting saucy atop Mexican eatery
Burrito meets soft taco in alleged rooftop romp outrage
Japanese artist cuffed for disseminating 3D ladyparts files
Printable genitalia fall foul of 'obscene material' laws
Brit Rockall adventurer poised to quit islet
Occupation records broken, champagne corks popped
Carlos: Slim your working week to just three days of toil
'Midas World' vision suggests you retire later, watch more tellie and buy more stuff
Apple: No, China. iPhone is NOT public enemy number 1
Beijing fears it could beam secrets back to America
Canuck reader threatens suicide over exact dimensions of SPAAAACE!
How many As? Reg hack's writing cops a shoeing
Accused! Yahoo! exec! SUES! her! accuser!, says! sex! harassment! never! happened!
Allegations were for 'financial gain', countersuit claims
prev story

Whitepapers

Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.