Reports of Data Thefts Mushroom On Eve of Senate Hearings

Two new instances of consumer data theft came to light the day before a Senate Committee was to convene a hearing on the compiled information industry and identity theft.

As many as consumer 32,000 records from a LexisNexis database were accessed by third parties falsely posing as legitimate information customers, according to a statement from LexisNexis parent company Reed Elsevier PLC.

Separately, Retail Ventures Inc. announced that it discovered that credit card and other purchase information had been stolen from a portion of customers who had shopped at 103 of its 175 DSW Shoe Warehouse stores during the last three months. Customers who made purchases via the company’s Web site were not affected.

The company did not indicate how many consumer records had been compromised.

A LexisNexis statement revealed that the company has identified “a number of incidents” in which third parties got hold of customer information by using IDs and passwords of legitimate customers.

The data taken from LexisNexis included names, addresses, social security and drivers’ license numbers, dates of birth, and voter registration information, including party registration, according to the Reed Elsevier statement. It did not include credit history, medical records or financial information. The information was part of Accurint, a database maintained by Seisint. LexisNexis acquired Boca Raton, FL-based Seisnt during the third quarter of 2004 for $775 million.

News of these data leaks broke the day before the Senate Committee on Banking, Housing and Urban Affairs was scheduled to hold a hearing on practices within the information compiling industry. The Committee was spurred to do so after compiler ChoicePoint Inc. revealed that records on 145,000 consumers had been sold to scam artists, and Bank of America announced that tapes containing credit card information on 1.2 million individuals, primarily Department of Defense workers, had been misplaced.

Don McGuffey, vice president at ChoicePoint Services, and Barbara J. Desoer, executive vice president of global technology and services and fulfillment executive at Bank of America were listed as witnesses.

Separately, the quality of ChoicePoint’s data came under attack in a story posted on MSNBC.com. See “ChoicePoint Data Files Shot Through With False Information: MSNBC,” below.

Deborah Platt Majoras, chairman of the Federal Trade Commission; Evan Hendricks, editor of Privacy Times; and Amy S. Friend, assistant chief counsel, office of the comptroller of the currency are scheduled to join McGuffey and Desoer in offering testimony.

In response to its data leaks, LexisNexis will be notifying affected customers by mail during the next few days, and will provide them with credit monitoring and other services to identify and rectify any identity theft instances.

Both the Federal Bureau of Investigation and the Secret Service are investigating the breaches, according to the Associated Press. A LexisNexis spokesperson had no comment on the activities of any investigations. DSW Shoe Warehouse also said that federal authorities had been contacted and were involved in its investigation.

Reed Elsevier said that the identity thefts had been discovered as a result of a review of its verification, authorization and security procedures.