Ariel Bashi of CBS News reports:
CBS News has learned of another data breach potentially compromising the personal information of thousands of people. Companies Lexis Nexis and Investigative Professionals have sent up to 40,000 letters to customers whose “sensitive and personally identifiable” information may have been viewed by individuals who should not have had access.
The United States Postal Inspection Service is investigating a data breach at both companies that resulted in sensitive information being used in a crime. Those individuals have been notified. Sources tell CBS News that the data breach is linked to a Nigerian Scam artist who used the information to incur fraudulent charges on victims’ credit cards.
I’ll update this entry as more becomes available.
Update 1: Associated Press is reporting that LexisNexis notified 32,000 people that former customers may have viewed their personal info including Social Security numbers. So far, there seem to have been 300 victims from LexisNexis and Investigative Professionals.
Update 2: Bob McMillan of IDG News Service reports that LexisNexis the fraud was stopped on Oct. 10, 2007, LexisNexis said, but the breach notification letters were not sent out until now because the USPS asked LexisNexis to wait because of its investigation. There was no statement on when the fraud or problem started and when LexisNexis first became aware of it.
Update 3, May 13:LexisNexis’s notification (pdf) to the NH Attorney General’s Office is now available online and provides some additional information as to when the fraud occurred (starting in 2004) and steps LexisNexis has taken in the past few years to strengthen its security.