ID Thieves Break Into LexisNexis Database

informationweek.com ^ | 03/09/05 | By Antone Gonsalves

[PissAndVinegar]

Using passwords and identifications from legitimate customers, thieves broke into databases owned by information company LexisNexis and stole personal information on about 32,000 U.S. citizens.

[PissAndVinegar]

Another ChoicePoint type hack resulting in tons of stolen personal data. My only hope is some of those who had info stolen are senators, congress and other people who can make some real changes and stop all this data aggregation crap.

I wonder the impact this has on investors of companies like choicepoint and Lexisnexis? Do they (investors) actually care about ethics of the companies they investing in or does the almighty $ make the final call?

[Conservative Goddess]

Wonderful....just freakin' wonderful.

So, do you remember if we had to give them our SSN's to get logins? I don't.

[holymoly]

Another ChoicePoint type hack

Actually, ChoicePoint wasn't hacked. They chose to sell the information to individuals who had (allegedly) set up accounts using a false drivers' license and realtors license as ID.

In short, ChoicePoint was (is?) willing to sell private information, including social security numbers, to anyone who wanted/wants it.

[sourcery]

The fundamental problem isn't the collecting of personal information, nor its sale. The problem is the fact that such information is so easily used to commit fraud. And that problem is the fault of the credit industry (to name the worst offender,) who should bear all responsibility and costs for fixing the problem they themselves have created.

[PissAndVinegar]

Well.....it depends on your philosophy and whether or not you have heard of Kevin Mitnick :)

I'll agree it wasn't a *programatic* hack but I'm not about to get into the hacker/cracker/whitehat/blackhat discussion, I'll save that futile argument for slashdot :)

However if you are familiar with Kevin Mitniok's concept of 'Social hacking', this was a perfect example!

And if you are not familiar - I recommend learning about 'Social hacking'. Basically, he demonstrated you can get access to anything given you apply the right amount of compliments, anger, urgency or cluelessness to the right people at the right time. He did some amazing (and criminal) things to the old Telco's back in the day...

[PissAndVinegar]

I disagree - why does this information need to be collected by anyone? I'm not even to keen on the Gov't aggregating it all either but at least they have a 'good' cause (fighting terrorism).

Everyone else wants it for marketing purposes, and while I'm all for capitalism and the pursuit of happiness, marketers are at the top of my list of scum. Marketers are the people which facilitate the sales and collection of this data, these are the same people who think "Direct mailing", SPAM, Internet 'popups' and telemarketing were all great ideas! Nothing but greedy idoits, IM(not so)HO!

[sourcery]

I disagree - why does this information need to be collected by anyone?

I suspect that, instead of disagreeing, you simply misunderstand. I'm not saying that the collection of such information isn't an issue. My point is that the standard practices of the credit/banking industry make the collection of such information a far more serious problem than it ought to be. The problem is that, solely due to the way the banks do business, a person's name, SSN and DOB are all that's needed to commit fraud against that person. There is absolutely no reason why that situation should ever have come to pass, and no reason whatsoever to tolerate its continuance. And blame clearly lies with the banks. They sould be forced to fully compensate all victims of identity theft, since identity theft is only possible due to the banks' improper reliance on name/SSN/DOB as a financial password.