Hackers have gained access to personal information of about 32,000 U.S. citizens on databases owned by publisher Reed Elsevier, the second company to reveal a major breach in the past month.
The FBI and the Secret Service arm of the U.S. Treasury Department are investigating, a company representative said Wednesday.
Anglo-Dutch publisher Reed Elsevier said the breach at the Seisint unit was found after a customer's billing complaint in the last week led to the discovery that an identity and password had been misappropriated.
The information accessed included names, addresses, Social Security and driver's license numbers, but not credit history, medical records or financial information.
Seisint, based in Boca Raton, Fla., collects data from government agencies, building large databases and ways to extract information from them.
Reed Elsevier said it is contacting the 32,000 people affected and offering them credit monitoring and other support to detect any identity theft.
"Law enforcement officials have asked us to keep all this information close because they're hoping to catch up with some of these people," the representative said.
The problem of identity theft, where criminals run up charges using stolen personal information, has cost companies and individuals billions of dollars, prompting new government legislation and widespread resolve to protect consumers.
Many of Seisint's customers are law enforcement agencies and financial institutions.
"There are advantages to attacking those kinds of companies because the information is quite valuable," said Paul Beechey, an IT security specialist who simulates hacker techniques for UK defense group QinetiQ.
"As the value of what you're trying to steal increases, so does the effort that the bad guys will put into it," he said.
Seisint rival ChoicePoint, which also sells personal data, said last month it experienced a theft of about 145,000 consumer profiles.
ChoicePoint is under investigation by U.S. authorities for the breach, as well as for compliance with federal consumer information security laws. Identity thieves set up roughly 50 fraudulent business accounts to gain access to ChoicePoint's data. Law enforcement officials said earlier this month they had found attempts were made to "compromise" the identities of about 750 consumers.
Reed Elsevier bought Seisint in July 2004 for $745 million and housed it inside its LexisNexis unit. Though Seisint represents only about 1.5 percent of Reed Elsevier's revenue, analysts said the situation could have other detrimental affects.
"This will harm management's credibility and acquisition track record," analyst Gert Potvlieghe at brokerage Petercam wrote in a morning note to clients.
Reed Elsevier has weathered some controversy in recent years.
In December, Seisint founder Hank Asher sued ChoicePoint executives for $1.8 billion, accusing them of undermining him when he was trying to sell the business. ChoicePoint had previously sued Seisint.
Asher resigned from the board before the company was sold after a state investigation disclosed it had found he piloted planes containing cocaine from Colombia to the United States in the early 1980s.
Following the Sept. 11, 2001, terrorist attacks, Seisint's Matrix technology, which stands for Multistate Anti-Terrorism Information Exchange, drew sharp criticism from privacy groups when it provided government officials the names of 120,000 people whose personal information supposedly fit the profile of a terrorist. SOURCE