Computers Seized in LexisNexis Case

Search warrants were served and computers seized across the United States as a federal investigation of the LexisNexis database breach intensified. Identity and financial information for hundreds of thousands of individuals was allegedly stolen from the database giant.

Nine people were served search warrants by investigators in the sweep, according to federal law enforcement sources. Several of those under scrutiny in the federal investigation are also believed to be involved in the February hacking of hotel heiress Paris Hilton's T-Mobile phone account.

The arrests of four people in Northern California on drug charges were reportedly also linked to the LexisNexis investigation, although FBI sources, stating that the warrants in question had been sealed by court order, reportedly declined to confirm any possible connection to the data theft.

In its initial statements in March 2005, LexisNexis had said the breach involved the sensitive personal information of some 32,000 individuals. But further investigation by the company increased that figure by a factor of ten. In early April 2005, LexisNexis revised the number of individuals potentially at risk for identity theft to 310,000.

According to this revised account, company databases had been fraudulently breached 59 times using stolen passwords, compromising information that included home addresses and Social Security numbers. The new estimate led to the notification by LexisNexis of an additional 278,000 individuals potentially affected by the breach.

The original announcement by LexisNexis of the large-scale data theft came just after the stunning revelations of a high-profile breach at data broker Choicepoint and the loss by Bank of America of data backup tapes containing personal information for some 1.2 million federal employees — including 900,000 Department of Defense employees and 60 United States Senators. Those revelations led to a series of congressional hearings putting business use of personal data under the microscope — and sharpening consumer anxiety over identity theft.

The LexisNexis breach was discovered after a billing complaint by a customer at the company's Seisint unit, acquired by LexisNexis in July 2004 for $745 million. The complaint led to the discovery of an identity and password that had been used fraudulently to obtain personal information from the huge database. The stolen data included names, addresses, Social Security numbers and driver's license numbers, according to LexisNexis. The company says no credit histories, medical records, or financial data were compromised.