Senators pledge
to take action
on data theft

WASHINGTON - Only a day after disclosing a massive security breach involving 300,000 consumers, LexisNexis found itself under an uncomfortable congressional microscope Wednesday.

Senators peppered the commercial data broker and two of its rivals, ChoicePoint and Acxiom, with questions about recent breaches at several institutions that have seen consumers' personal data exposed or stolen, putting them at risk of identity theft.

"My conclusion is we need federal legislation," said Sen. Arlen Specter, who presided over the Judiciary Committee hearing on Capitol Hill.

Pressure has been building for some kind of regulation of the industry in the wake of ChoicePoint's disclosure two months ago that criminals had stolen data on 145,000 U.S. citizens. News of several other high-profile data leaks followed, including a March announcement from LexisNexis that data on 30,000 consumers had been pilfered. LexisNexis revised that announcement Tuesday, revealing an additional 280,000 consumers may have been affected by that theft.

"We sincerely regret this," said LexisNexis president Kurt Sanford. A just-concluded investigation revealed there were 59 separate incidents at the firm's newly acquired Seisint division dating back to 2003, he said. In each case, a thief stole the login information belonging to a legitimate Seisint customer and downloaded consumer Social Security numbers and other personal information.

Interactive Identity theft What to do when it happens

In some cases, the legitimate customer used ineffective passwords, he said. In other cases, a Trojan horse program or computer virus was used to steal login information. The firm has since tightened its security procedures, Sanford said, forcing customers to change their passwords every 90 days.

But that wasn't enough to satisfy members of the Senate committee, who seemed intent on passing some federal law to stem the tide of data thefts.

"You can be sure there will be firm federal legislation coming about this issue," said Specter, R-Pa.

The incident revealed how easily private information is stolen, said Sen. Patrick Leahy, D-Vt. "These were relatively unsophisticated scams," he said, criticizing the data industry for not doing a better job of protecting the private information. "This hearing is about shining a light on those practices."

Sens. Chuck Schumer, D-N.Y., and Bill Nelson, R-Fla., added to the growing pile of legislative proposals by announcing before the hearing a new bill that would give the Federal Trade Commission an additional $60 million to fight identity theft.

"We have got to get our arms around this issue, otherwise, Americans won't have any privacy left," Nelson said.

MORE FROM SECURITY

Security Section Front

Facebook to overhaul privacy structure Avoid flirty patients on Facebook, doctors told ‘Black screen of death’ for some Windows users Red Tape: Will piracy crackdown bring iPod border checks? Internet activists push for greater democracy EU assembly adopts Internet, phone user rights 'Mr. Right' grifts widow's $50K in Web scam U.K. cops arrest people ‘just for the DNA’ Virus attacks ‘jail broken’ iPhones China attacks ‘biased’ U.S. cyber-spying report Security Section Front   Add Security headlines to your news reader: