NEW YORK – The LexisNexis online information service told 32,000 people on Friday that their personal information may have been improperly accessed by former customers in a credit card fraud scheme that postal officials said had bilked hundreds.
"I am writing to inform you that sensitive, personally identifiable information about you may have been viewed by a few individuals who should not have access to such information," said the letter mailed Friday to people whose information is in LexisNexis databases.
A breach of the databases at New York-based LexisNexis and at a Santa Fe, New Mexico, company called Investigative Professionals, which conducts background checks including employee screenings, victimized about 300 people, U.S. Postal Inspection Service spokesman Peter Rendina said.
The 300 people, all of whom have been contacted by postal authorities, had personal information used fraudulently, Rendina said. Suspects in the scheme had access to information on about 40,000 people but didn't use all of it, he said.
No suspects had been arrested as of Friday, although Rendina said authorities were wrapping up their investigation. He didn't say how the personal information was improperly used.
But LexisNexis said the information — including names, birth dates and Social Security numbers — was used to set up fake credit cards. The thieves, who operated businesses that were once LexisNexis customers, broke into mailboxes of businesses that contained LexisNexis database information, the letter said.
The information was obtained between June 2004 and October 2007, the letter said. There was no evidence of identity fraud in the investigation
Joe Hoover, who answered the telephone at Investigative Professionals on Friday, said he could not comment.
LexisNexis disclosed in 2005 that hackers had gotten access to personal information on as many as 32,000 Americans.
Database collector ChoicePoint Inc., a spinoff of credit agency Equifax, disclosed in 2005 that thieves posing as small business customers gained access to its database, possibly compromising the personal information of 163,000 Americans.
ChoicePoint, based in Alpharetta, Georgia, later agreed to pay $15 million to settle Federal Trade Commission charges that its security and record-handling procedures violated consumers' privacy rights. ChoicePoint later was bought by London-based educational publisher Reed Elsevier PLC, the parent of LexisNexis.