How LexisNexis and others may have unwittingly aided identity thieves

Operators of an underground identity theft service have infiltrated three of the biggest providers of social security numbers, birth dates, and other consumer information, according to a published report. In total, the hackers were able to pilfer records belonging to more than four million people.

"The intrusions raise major questions about how these compromises may have aided identity thieves," KrebsOnSecurity reporter Brian Krebs wrote in the 2,100-word report published Wednesday. His seven-month investigation found that the illicit service, known as ssndob[dot]ms (readers shouldn't visit this site) served more than 1.02 million unique social security numbers to customers and almost 3.1 million date of birth records since its inception in early 2012. The data was appropriated after the operators of the service infiltrated Atlanta, Georgia-based LexisNexis, Short Hills, New Jersey-headquartered Dun & Bradstreet, and Kroll Background America, which is now a part of HireRight, he reported.

Krebs said his findings were based on a copy of the SSNDOB database that became available after the ID theft service was itself hacked. It showed that more than 1,300 customers spent hundreds of thousands of dollars looking up SSNs, birthdates, and driver license records and obtaining unauthorized credit and background reports. The operators of the service were the same hackers who in March published the SSNs and other sensitive details for dozens of celebrities and politicians, including Vice President Joe Biden, first lady Michelle Obama, and rap star Jay-Z.

Read 2 remaining paragraphs | Comments