In a series of incidents, hackers broke into Seisint's databases, gaining access to the personal data of estimated 32,000 U.S. citizens, Reed Elsevier Group said in a statement on Thursday. Seisint is a unit of Reed Elsevier's business information subsidiary LexisNexis. The break-in exposed names, addresses, social security numbers and driver's license information, the company said.
Vermont Sen. Patrick Leahy, the top Democrat on the Senate Judiciary Committee, said that such data losses cannot be allowed to continue. In a statement released by the senator's office late Wednesday, Leahy labeled the problem as a massive threat to both individual Americans and national security.
"This is the latest window on security weaknesses that jeopardize the personal information that data brokers hold about every American, and the view is a chilling one," he said. "We are vulnerable not only to run-of-the-mill thieves but also potentially to sophisticated scams, organized crime or even terrorists. If criminals can breach these security arrangements, there is a danger that terrorists may also be able to."
News of the Seisint breach comes just weeks after one of the company's chief rivals, ChoicePoint, confirmed that suspected criminals posing as legitimate businesses had gained access to some 145,000 of its own profiles of American consumers. Both companies sell consumer data to businesses that want information on specific individuals, to carry out a background check on a potential employee, for example.
In response to the leaks, legislators and industry watchers have called for increased scrutiny of the data-aggregation industry's business practices.
Atlanta-based ChoicePoint is already under investigation by the Federal Trade Commission, the U.S. Securities and Exchange Commission and a number of state attorneys general.
Sen. Dianne Feinstein of California, a Democrat who last year introduced a bill, the Notification of Risk to Personal Data Act, requiring businesses to alert people if their personal information has been exposed, called for a greater push for new laws on Thursday.
"Congress needs to move forward quickly on legislation to strengthen privacy protections and show the American people that we take the crime of identity theft seriously," she said
Leahy has lobbied for new policies to regulate businesses such as Seisint. The senator pointed out that such companies have become an important part of the federal government's efforts to defend against terrorist activity.
"Data brokers are also increasingly partners with the government in important law enforcement and homeland security efforts, and their performance in protecting data is one of the important criteria in evaluating those relationships," Leahy said in his statement. "It is time for an audit of security arrangements that federal agencies have with these data brokers for the databanks that they manage for the federal government."
Privacy experts echoed Leahy's sentiments, but they said that it may be too late to protect many consumers whose information was compromised in the Seisint and ChoicePoint incidents, as well as in the massive customer record loss reported last month by Bank of America.
The creation of better lawsto regulate data brokers would be a step in the right direction, said Peter Gregory, an analyst at Seattle-based research firm HartGregory Group. He noted that the push to introduce new guidelines only came many consumers were unknowingly victimized.
"As usual in this sort of business, where people really don't know someone is controlling their data, laws get passed after bad things happen, and this is no exception," he said. "I wouldn't be surprised to see Congressional hearings scheduled, as these incidents highlight a symptom of a problem that's been going on for a while."
"The reality is that once a consumer gives their information to a private organization such as a bank, that organization will pass it on to other parties, and the consumer has no control of this at all," Gregory added.
Consumer data thefts often garner personal information that could be used to commit identity fraud. In the ChoicePoint leak, some 750 cases of related identity fraud have already been reported to law enforcement officials, and a California man has pleaded no contest to felony charges related to the heist.
Jay Foley, co-executive director of the Identity Theft Resource Center, a nonprofit organization, said the pool of consumer data shared among criminals grows with each data loss. He said that unless data brokers are soon held to a higher standard, identity theft is likely to continue to grow at their expense.
"The thieves know the data lies in these companies' databases, and they're going to continue to try to exploit it," Foley said. "The fact that out of the 145,000 files stolen from ChoicePoint, that there's only been 750 cases of ID theft reported so far, may be misleading. A lot of people still haven't been informed that their information was compromised, or they don't know that criminals are actively using their information to commit crimes even as we speak."
Seisint representatives did not immediately return calls seeking comment for this story.
Play video
There are currently no comments for this post.