funsec mailing list archives

Re: [privacy] LexisNexis Warns of Consumer Database Breaches


From: Dave Jevans <dave.jevans () antiphishing org>
Date: Fri, 22 Jun 2007 10:20:21 -0700

Crazy.  If FFIEC is going to be mandating strong authentication for 
banking transactions, it seems that databases like this Accurint 
should be subject to similar requirements.  Of course these systems 
aren't subject to regulatory agencies like FFIEC, but it seems that 
they are just as big of a risk.

Strong 2-factor authentication should be required if we are going to 
permit such commercial databases of consumer information.  My $0.02


At 4:05 AM +0000 6/22/07, Fergie wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Brian Krebs:

[snip]

Last month, Security Fix wrote that scam artists were trying to steal the
login credentials that law enforcement officers use to access their
accounts at Accurint, a database operated by LexisNexis owner ReedElsevier
that contains highly detailed and personal files on millions of Americans.

It would seem as though those efforts have been successful.

The company recently sent out an undetermined number of letters to
consumers across the country, stating that "...a law enforcement customer's
user ID may have been used in an unauthorized manner that allowed some
personal information about you to be viewed..." The letter, dated May 25,
said thieves had accessed the recipient's personal data, which may have
included the victim's name, address, Social Security and/or drivers license
number. It also offered free Equifax monitoring through a promotional code.

Sources familiar with the incident said the letters were sent after it was
discovered that a number of accounts were compromised at a federal law
enforcement agency, though the source declined to say which agency was
targeted.

[snip]

More:
http://blog.washingtonpost.com/securityfix/2007/06/lexisnexis_warns_of_consumer_d_1.html

- - ferg


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.2 (Build 2014)

wj8DBQFGe0p7q1pz9mNUZTMRAgJ3AJ9ZVM+kulgvC8cbwdKnSMqVwcm8GgCePnnr
ChHUviMxZy6fHN+eusGM5gw=
=rupQ
-----END PGP SIGNATURE-----

--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/

_______________________________________________
privacy mailing list
privacy () whitestar linuxbox org
http://www.whitestar.linuxbox.org/mailman/listinfo/privacy
