The LexisNexis online information service told 32,000 people last night that their personal information may have been improperly accessed by former customers in a credit card fraud scheme that postal officials said had hit hundreds.
“I am writing to inform you that sensitive, personally identifiable information about you may have been viewed by a few individuals who should not have access to such information,” said the letter sent yesterday to people whose information is in LexisNexis databases.
A breach of the databases at New York-based LexisNexis and at a Santa Fe, New Mexico, company called Investigative Professionals, which conducts background checks including employee screenings, victimised about 300 people, US Postal Inspection Service spokesman Peter Rendina said.
The 300 people, all of whom have been contacted by postal authorities, had personal information used fraudulently, Mr Rendina said. Suspects in the scheme had access to information on about 40,000 people but did not use all of it, he said.
No suspects had been arrested as of yesterday, although Mr Rendina said authorities were wrapping up their investigation. He did not say how the personal information was improperly used.
But LexisNexis said the information – including names, birthdates and Social Security numbers – was used to set up fake credit cards. The thieves, who operated businesses that were once LexisNexis customers, broke into mailboxes of businesses that contained LexisNexis database information, the letter said.
The information was obtained between June 2004 and October 2007, the letter said. There was no evidence of identity fraud in the investigation
Joe Hoover, who answered the telephone at Investigative Professionals last night, said he could not comment.
LexisNexis disclosed in 2005 that hackers had got access to personal information on as many as 32,000 Americans.
Database collector ChoicePoint, a spin-off of credit agency Equifax, disclosed in 2005 that thieves posing as small business customers gained access to its database, possibly compromising the personal information of 163,000 Americans.
ChoicePoint, based in Alpharetta, Georgia, later agreed to pay $15m to settle Federal Trade Commission charges that its security and record-handling procedures violated consumers’ privacy rights. ChoicePoint later was bought by London-based educational publisher Reed Elsevier PLC, the parent of LexisNexis.