Data breaches – are you targeting the right risks?
Jinfo Blog

5th May 2009

By Tim Buckley Owen

Item

As many as 40,000 customers of LexisNexis and of due diligence specialist Investigative Professionals may have had their personal information compromised in a data breach linked to a credit card scam. According to CBS News, which broke the story (http://digbig.com/4yrhh), the unauthorised access to LexisNexis accounts took place in 2007, but the company says that the United States Postal Inspection Service (USPIS) has only allowed it to notify customers now so as not to compromise the investigation. In a letter sent to potential victims and reproduced in the CBS report, LexisNexis said that those responsible for perpetrating the suspected fraud were at one time customers of theirs and of Choicepoint, which was subsequently acquired by LexisNexis’s parent Reed Elsevier and absorbed into the LexisNexis Risk & Information Analytics Group (http://digbig.com/4yrhj). Now LexisNexis is offering potentially affected customers a year’s free credit monitoring from Experian subsidiary ConsumerInfo.com, to enable them to identify any possible fraudulent use of their information. Beyond that, LexisNexis’s advice to its customers is pretty commonsense stuff: review your credit reports carefully for enquiries that you didn’t initiate or transactions you didn’t authorise, and look out in particular for errors in your name and address information – which could be warning signs of identity theft, but could equally be the result of simple mistakes. In the circumstances, the surprise is not that this has happened, but that it doesn’t happen more often. According to the latest Microsoft Security Intelligence Report (http://digbig.com/4yrhk), spam and phishing attacks make up a staggering 97% of the email that is sent. However, while avoiding any danger of complacency, the response needs to be proportionate to the risk. Of the 40,000 people in the USPIS investigation whose information was accessed, CBS reports that only around 300 were actually compromised – and Microsoft also quotes figures from the Open Security Foundation’s Data Loss Database (http://digbig.com/4yrhm) which suggests that, in general, security breaches from hacking or malware account for less than 20% of the total of data lost. By contrast, of all the incidents reported, stolen and lost equipment such as laptops account for half.

« Blog