Around 32,000 people may have had their identity and credit details compromised.
Consumer data provider LexisNexis revealed that fraudsters used its service for more than three years to gather personal data to commit credit card fraud. The data search and information retrieval services of the company, and subsidiary ChoicePoint, were used by scammers to obtain personal information such as names, addresses and Social Security numbers.
The fraudsters set up fake mailboxes and gathered personal information on LexisNexis to open credit cards in the victims' names.
The company sent out a breach notification letter on Friday, which claimed that victims would have been informed by the United States Postal Inspection Service, a federal law enforcement agency who was investigating the matter.
It also claimed that the fraud may have happened between 14th June 2004 and 10th October 2007, but it did not send notification letters to victims until now, after instruction by the United States Postal Inspection Service.
The letter stated: “Over the course of the last several years and since this occurrence, LexisNexis has taken a number of steps to strengthen its privacy and security safeguards to improve the overall protection of consumers' information.
“Some of the measures we have put in place include the implementation of a standards-based security control framework that drives protections for our network, access and monitoring of product use to detect and respond to potentially fraudulent activity.
“We also limit access to sensitive personally identifiable information except where there is a critical business need coupled with a permissible purpose for such access.”
It further claimed that it had implemented numerous policies, procedures and standards that set forth clear parameters for data governance across the organisation and for customers.
By means of recompense, it has offered customers a full year of credit monitoring with unlimited access to Experian Credit Reports and Credit Scores.