LexisNexis and ChoicePoint Admit They Concealed Previous Breaches

By Jaqui

LexisNexis, the data broker that last month notified 32,000 people that their personal data had been stolen from company-owned databases, now admits that a total of 310,000 people had their data stolen. The company's databases were breached nearly 60 times over the course of the past two years. At Senate Judiciary Committee hearings last week, both LexisNexis and ChoicePoint admitted to having deliberately concealed data breaches in the past because no law required them to come forward and notify those affected.
http://www.reuters.com/newsArticle.jhtml?storyID=8159934
http://www.theregister.co.uk/2005/04/14/privacy_invasion_is_good_for_you/print.html

Maybe just requiring notice isn't enough.
Maybe the laws should penalise companies for not keeping the data secure.

State of internet data security

by Dr Dij In reply to LexisNexis and ChoicePoin ...

is pretty bad. So if I can crack or social engineer a password, I have free rein?

Problem is there's not much penalty for allowing breaches, and a lot of financial disincentives for spending money to secure the data.

$ Penalties would probably help. So it would make personal data more expensive. I'd guess many of the people buying the data have no reason to have CDL or SSN and have no biz relationship with the person they're buying data for yet.

standard 'advanced' security might help:
no data is in plaintext in database, all encrypted.
no data transmitted w/o encryption
besides password, cheap fingerprint scanners
also authentication tokens, are $10 now, provide a rotating key that changes every 60 seconds or so.
(etrade will be offering them to clients later this year)

Penalize

by CuteElf In reply to State of internet data se ...

Actually, there is a penalty... but afaik it's for banks: GLBA, the Gramm-Leach-Bliley Act.

It's to penalize the financial services companies when they lose data.

Here's a linky:
http://www.epic.org/privacy/glba/

No, it's not gay lesbian bi association. (That was #3 on Google ffs.)

CuteElf

Not to mention...

by Cactus Pete In reply to LexisNexis and ChoicePoin ...

"The company's databases were breached nearly 60 times over the course of the past two years."

That's just those about which they know. If the security was breached that many times they can see afterward, what about those they couldn't? Not much to do about it, I suppose... But have you heard anything about prosecutions for break-ins? I haven't.

Everyone appears to be getting away with it. There is no incentive to protect the data. There is no incentive to deter the crooks.

Major Problem!

by jmgarvin In reply to Not to mention...

The way I see it:
1) The companies must be forced to report data loss to the consumer, even if it doesn't affect you
2) The companies that lose data must provide free credit reports for all members in their dbs for at least 2 years
3) They will have to pay a fine

To stop this
1) Everybody and their mother can buy personal info, this has got to stop
2) The buying and selling of personal info needs to be regulated
3) The dbs need to be OFF THE INTERNET...I mean come on. You can only access them via a VPN or some secure tunnel...this total access all the time is garbage.
