Infosecurity

LexisNexis data used by credit card fraudsters

By Alice Kok | 5 May 2009

LexisNexis—a popular searchable archive for content from newspapers, magazines, legal documents and other printed sources— has acknowledged that criminals have used its information retrieval service for more than three years to gather data to commit credit card fraud.

View photos

Related Categories

• INFOSECURITY

From this Section

• NEWS

LexisNexis has revealed that “a few” customers used its service to help them illegally obtain credit cards.

“These individuals were operating businesses that at one time were both ChoicePoint and LexisNexis customers,” the company said in a notification letter.

To perpetrate the scam, the fraudsters would set up fake mail boxes and then use information obtained on LexisNexis to open credit cards in the victims’ names. The criminals were able to obtain names, dates of birth, and even Social Security numbers from the data broker.

LexisNexis waited a long time to notify victims at the request of the US Postal Inspection Service. The fraud was stopped on 10 October 2007, LexisNexis said, but the breach notification letters were not sent out until now.

If LexisNexis withheld disclosure for a year-and-a-half it was “far too long,” according to Beth Givens, director or Privacy Rights Clearinghouse. “A lot of damage can be done in 18 months,” she said.

In 2006, ChoicePoint paid US$15 million to settle a lawsuit with the US Federal Trade Commission after scammers allegedly used ChoicePoint’s data services for ID fraud. LexisNexis’s parent company, Reed Elsevier, purchased ChoicePoint last year for US$4.1 billion.

LexisNexis has tightened the way it verifies customers since the incident occurred, the company said in the notification letter.