Consumer Data Stolen from Reed Elsevier U.S. Unit
Reuters Internet Report
By Jeffrey Goldfarb
Hackers have gained access to sensitive personal details of about 32,000 U.S. citizens on databases owned by publisher Reed Elsevier, fueling fears about identity theft and efforts to curb the sale of such information.
The U.S. Federal Bureau of Investigation and the Secret Service arm of the U.S. Department of Homeland Security are investigating the breach, a company spokeswoman said on Wednesday.
Anglo-Dutch Reed Elsevier said a billing complaint by a customer of its Seisint unit in the past week led to the discovery that an identity and password had been misappropriated.
The information accessed included names, addresses, social security and driver's license numbers, but not credit histories, medical records or financial information.
Reed Elsevier said it is contacting the 32,000 people affected and offering them credit monitoring and other support to detect any identity theft.
"Law enforcement officials have asked us to keep all this information close, because they're hoping to catch up with some of these people," the spokeswoman said.
In recent weeks, Seisint rival ChoicePoint, financial group Bank of America Corp. and discount store owner Retail Ventures Inc all have reported similar problems of stolen or lost customers' personal information.
A U.S. Senate committee has a scheduled hearing on identity theft for Thursday amid promises from lawmakers to enact new rules to protect data and limit companies from selling such information.
Seisint, based in Boca Raton, Florida, collects information from government agencies to build large databases.
A Seisint-created criminal information database called Matrix came under fire after it drew up a list of people with terrorist profiles, which then led to some arrests.
Many of the company's customers are law enforcement agencies and financial institutions.
"There are advantages to attacking those kinds of companies because the information is quite valuable," said Paul Beechey, an information technology security specialist who simulates hacker techniques for UK defense group QinetiQ.
"As the value of what you're trying to steal increases, so does the effort that the bad guys will put into it," he said.
RIVAL'S SIMILAR SITUATION
ChoicePoint Inc., which also sells personal data, said last month it experienced a wider theft of about 145,000 consumer profiles. It is under investigation by U.S. authorities for the breach as well as for compliance with federal consumer information security laws. Identity thieves set up roughly 50 fraudulent business accounts to gain access to ChoicePoint's data. Law enforcement officials said earlier this month they had found attempts were made to compromise the identities of about 750 consumers.
Reed Elsevier bought Seisint in July 2004 for $745 million and housed it inside its LexisNexis unit. It reaffirmed annual and longer-term financial targets in the wake of the theft.
"The financial implications are expected to be manageable within the context of LexisNexis's overall growth," the company said in a statement.
The company's shares in London were down 1.73 percent to 538 1/2 pence at 1444 GMT.
Though Seisint represents only about 1.5 percent of Reed Elsevier's revenues, analysts said the situation could have other detrimental affects.
"This will harm management's credibility and acquisition track record," analyst Gert Potvlieghe at brokerage Petercam wrote in a morning note to clients.
Seisint has weathered some controversy in recent years.
In December, Seisint founder Hank Asher sued ChoicePoint executives for $1.8 billion, accusing them of undermining him when he was trying to sell the business. ChoicePoint had previously sued Seisint.
Asher resigned from the board before the company was sold after a state investigation disclosed findings that he had piloted planes containing cocaine from Colombia to the United States in the early 1980s.
Following the Sept. 11, 2001, attacks, Seisint's Matrix technology, or Multistate Anti-Terrorism Information Exchange, drew sharp criticism from privacy groups when it provided government officials the names of 120,000 people whose personal information supposedly fit the profile of a terrorist.