Information publisher Reed Elsevier, expanded today the number of people it estimates were exposed to scammers on its LexisNexis databases last month. They now say the number is likely 10 times more than originally reported.
"The first figures were based only on our initial investigation," said Reed Elsevier spokesman Patrick Kerr. He added that the company had expected the number to rise.
The investigation into the March heist revealed as many as 310,000 people had personal information, including names, addresses and Social Security and driver's license numbers, exposed through the company's legal and business information service, LexisNexis.
The company said no credit history, medical records or financial information was exposed.
Reed Elsevier said that in order to access LexisNexis' records, third parties gained access to IDs and passwords of paying customers of its Seisint subsidiary. The breach was discovered during a routine review of the verification, authorization and security procedures and policies for its businesses.
Kerr said the company had already notified the original 32,000 people first identified about the breach, of which two percent, or approximately 600, had taken the company up on its offer to provide credit checks and monitoring to ensure thieves weren't using the information.
LexisNexis operates the services as part of its own U.S. Risk Management business, and is used by law enforcement, homeland security, banks and other businesses to reduce credit card and insurance fraud.
Kerr said the company would continue to tighten security by implementing significant improvements to customers' password and ID administration security processes. LexisNexis will continue its long-established support of effective federal and state data privacy policies and practices.
To this point, nobody has claimed to be a victim of theft resulting from the breach, according to Kerr. Elsevier has already begun the process of notifying the 310,000 people whose information was compromised.
The scandal comes at a time when many institutions holding vital statistics on individuals seems to be vulnerable. In February, credit-check company ChoicePoint announced it had unwittingly handed over the information of 145,000 people to thieves, and several incidents on university campuses last month exposed tens of thousands of personal records.
Adapted from Internetnews.com.