News and business information vendor LexisNexis says it has identified 59 incidents where personal data held on 310,000 US citizens by its US risk management database unit, Seisint, could have been accessed by fraudsters.
LexisNexis said in March that fraudsters had gained access to profiles of 32,000 US individuals at the Seisint unit, which it acquired last July. But, following a review of two years of activity at Seisint and its other business units the firm is now notifying a further 280,000 individuals whose information may have been acquired during these recently identified incidents.
LexisNexis says fraudsters managed to access the data using passwords and IDs stolen from legitimate Seisint customers. The breach was uncovered after a billing complaint by a customer at the Seisint unit led to the discovery of an identity and password that had been misappropriated. US police are currently investigating the incidents.
Kurt Sanford, CEO, corporate and federal markets, LexisNexis, adds: "We are taking action to notify individuals where we found some indication that they might have some risk of identity theft or fraud, even if that risk did not appear to be significant."
The information accessed includes names, addresses, social security and drivers licence numbers, but not credit history, medical records or financial data. In a statement, the company says the LexisNexis or Seisint technology infrastructure was not hacked into or penetrated nor was any customer data held within that infrastructure accessed or compromised.
Sanford says the company has "taken a number of significant actions in recent weeks to further guard against these types of fraudulent intrusions at our customer sites and to enhance our security procedures and policies overall".
Florida-based Seisint uses property records and other public data to build profiles of US consumers which it sells to law-enforcement agencies and financial institutions.
In February US credit data firm ChoicePoint said personal data records of around 145,000 consumers had been accessed by a gang of criminals posing as businessmen.