According to LexisNexis, "These individuals were operating businesses that at one time were both ChoicePoint and LexisNexis customers."
The US Postal Inspection Service, which is lead agency in the case, is looking at a Nigerian scammer as prime suspect. They believe that what he and his associates did was to set up fake mail boxes, then use the names, dates of birth, and Social Security numbers they obtained to apply for credit cards in the victims' names.
Three years ago, ChoicePoint is said to have paid $15 million to settle a lawsuit with the FTC after fraudsters infiltrated the company's data base and used the information they were able to get there to commit ID fraud.
Authgorities say that, in this case, LexisNexis waited a long time before notifying victims, and then only did so at the behest of the Postal Inspection Service. Although the actual fraud was said to have been stopped in October 2007, breach notification letters were not sent out until last week. LexisNexis would not say when it became aware of the data breach.
The company has a history of data breaches, having succumbed to attacks in 2005 and 2006.
No comments:
Post a Comment