Criminals who stole information from a LexisNexis database in the U.S. may have accessed the names, addresses, Social Security and driver license numbers of nearly 310,000 people, the Associated Press reported.
The number of people affected is 10 times as many as publisher and data broker Reed Elsevier Group PLC had originally thought, the company acknowledged Tuesday. Last month, the company reported that personal information about 32,000 people had been accessed in a breach of LexisNexis' recently acquired Seisint unit.
Credit history, medical records and financial information were not accessed, the company said.
Since January 2003, the company said there have been 59 incidents of unauthorized people fraudulently accessing the personal identifying information on thousands of people, the AP reported. The thieves used IDs and passwords of legitimate Seisint customers to gain access.
The breach was first uncovered during a review and integration of Seisint's systems shortly after Reed bought the Boca Raton, FL-based unit for $775 million in August, according to Reed spokesman Patrick Kerr.
“That's when this situation started becoming obvious,'' Kerr said.
Seisint provides data for Matrix, a crime and terrorism database project funded by the U.S. government that has raised concerns among civil liberties groups since it keeps millions of personal records including individuals' addresses and Social Security numbers, the AP reported. The company includes police and legal professionals and public and private sector organizations on its list of customers.
Kerr said that none of the 32,000 people Reed has notified since March have reported any form of identity theft and just 2 percent have contacted LexisNexis to accept its offer of free credit reports and credit monitoring.
“We are not being complacent, we know there's still work to do but this so far is encouraging,'' Kerr said.
He added that the company has since ensured that the system is “watertight'' by improving login systems and security checks.