Lexis Nexis personal data breach under investigation
By Michael W. Jones
It appears that two large data companies, Lexis Nexis and Investigative Professionals, have once again lost sight of proper security and exposed the personal data of 40,000 people to prying eyes.
The United States Postal Inspection Service is probing the possibility that Lexis Nexis and Investigative Professionals exposed “sensitive and personally identifiable” information to people who should not have had access to it. The two companies have sent notifications to the individuals they believe may have been affected by the security breach.
The USPS is looking into the data breach at both companies that resulted in sensitive information being used in a crime, according to a story by CBS News. It is believed that the data breach is linked to a Nigerian scam artist who used the information to incur fraudulent charges on victims’ credit cards. A spokesman for the Postal Inspection Service, Peter Rendina, said that of the approximately 40,000 individuals whose data was accessed, perhaps 300 were compromised and used to obtain fraudulent credit cards.
Lexis Nexis notified the people whose personal information was compromised by letter. The company said that the unauthorized access took place at some time between June 14 and October 10, 2007, meaning that the admission of the security breach comes almost two years after the breach occurred. The letter said that the personal information in question included names, dates of birth and possibly even Social Security numbers. The letter warns customers to review their credit reports for any inaccuracies, to report any errors or suspicious activity to creditors as soon as possible, and to contact the United States Postal Service if they believe their personal information may have been compromised.
Such security breaches occur all too often, sometimes through sloppy security and sometimes through simple carelessness. Data has been lost or made available to the wrong parties by banks, government agencies, insurance companies, and data processing companies. There probably should be a penalty for security breaches of this kind. The companies and agencies that receive and hold such sensitive information should be held responsible for its safekeeping.
May 8th, 2009
According to a LexisNexis letter quoted in the Dayton Daily News, the data breach spans years not months:
“The unauthorized access to personal information by the former LexisNexis customers may have occurred sometime between June 14, 2004, and Oct. 10, 2007, and the information accessed may have included your name, date of birth, and/or Social Security number.”