West Publishing Corporation, a unit of Thomson Reuters, has notified the New Hampshire Attorney General’s Office of a breach involving their Westlaw subscription-only public records database.
In a letter dated November 4th to those affected, Senior Vice President Andy Martens explained that on October 14, they detected unusual search activity. Investigation revealed that some subscribers’ passwords had been compromised and used to access the database. The types of information involved included addresses, date of birth, and in some cases, driver’s license numbers and Social Security numbers. No bank account or credit card information was involved.
In response to the breach, West removed external access to full sensitive identifiers in public records, forced a password reset on all public user accounts, and implemented additional technological controls to detect and respond to searches of more limited public records that also appeared unauthorized. Federal law enforcement was also contacted.
West offered those affected two years of free credit monitoring with Experian ProtectMyID Elite.
Nine NH residents were notified. The total number of individuals notified was not indicated in their report to New Hampshire.