The identity thieves who stole passwords to tap personal data from information broker LexisNexis hacked the records of more than 300,000 Americans, 10 times what the company first acknowledged, the company disclosed yesterday.
The announcement by London-based Reed Elsevier, which owns LexisNexis, indicates that security problems in the industry are more widespread than first thought.
The company said that it had uncovered 59 cases in which unauthorized persons "using IDs and passwords of legitimate customers" fraudulently acquired personal identifying data from its databases.
Reed Elsevier's director of corporate relations, Catherine May, emphasized that LexisNexis' infrastructure was not breached. "This is about misuse of legitimate passwords and means of access," May said from London.
LexisNexis estimates that information on 310,000 U.S. individuals may have been accessed. When it first reported the thefts March 9, the company said about one-third of the victims were California residents; it now puts the number of Californians at 64,145.
LexisNexis said it will notify all individuals involved and is offering free credit bureau reports, credit monitoring for one year and fraud insurance. The company said it is cooperating with law enforcement authorities investigating hackers' "potentially fraudulent misuse" of the data.
Reed Elsevier said the stolen data do not include "personal credit histories, medical records or individuals' financial records; it involves "names and addresses and other personal identifying information such as Social Security and driver's license numbers."
The Los Angeles Times is a Tribune Publishing newspaper.