LexisNexis Hacked Again

LexisNexis, the world’s largest information database for legal and public records, is one of three major providers of social security numbers, birth dates and other personal information hacked by online operators of a criminal identity theft service. Earlier this month a tiny unauthorized program, installed on two LexisNexis servers on April 10, 2013, was […]

By Diana Shepherd, CDFA®Updated: September 10, 2020

LexisNexis, the world’s largest information database for legal and public records, is one of three major providers of social security numbers, birth dates and other personal information hacked by online operators of a criminal identity theft service.

Earlier this month a tiny unauthorized program, installed on two LexisNexis servers on April 10, 2013, was discovered. The company claims that a FBI investigation has “to date found no evidence that customer or consumer data were reached or retrieved,” though the targeted data is presumably intended for use in identity theft and fraud.

The program was carefully engineered to avoid detection. Virustotal.com, which scrutinizes files for signs of malicious behaviour by 46 of the top anti-malware and anti-virus tools, gave it a clean bill of health. According to Greg Alterson of risk management consultancy company Neohapsis, it is common for large organizations to fail to detect network intruders for months. Security is an after-thought.

This is not the first security breach for the company. LexisNexis had over 300,000 personal records, including social security numbers and driver’s license information, stolen in 2005. One of the teenage hackers charged claimed that LexisNexis security was “really bad.” A LexisNexis spokesperson declined to say when the current intrusion was discovered or whether the company could assure clients that personal data was not stolen.

According to KrebsOnSecurity, SSNDOB.ms [Social Security Number Date Of Birth] website admins were responsible for the security breach. SSNDOB, a reliable and affordable underground cybercrime service for customers to look up Social Security numbers, birthdays and other personal data on any U.S. resident for a fee, tapped into the internal systems of LexisNexis and other large data brokers. Pat Peterson, CEO of messaging security firm Agari says, “While we don’t yet know whose data has been compromised, millions of Americans are now at risk as the criminals knit the stolen data together with their attacks to go after identity theft and bank accounts.”

Categories: Technology and Family Law Divorce News & Views

Tags: data protection and security

Published on: September 28, 2013

About the Author

Diana Shepherd, CDFA®

Diana Shepherd has over 30 years of experience as a marketing, branding, SEO, copywriting, editing, and publishing expert. As Content Director for Family Lawyer Magazine, Divorce Magazine, and Divorce Marketing Group, she oversees all corporate content development and frequently creates SEO-friendly videos, podcasts, and copy for family law and financial firms. The Co-Founder of Divorce Magazine and Divorce Marketing Group, Diana is an award-winning editor, published author, and a nationally recognized expert on divorce, remarriage, finance, and stepfamily issues. She has written hundreds of articles geared towards both family law professionals and divorcing people, and she has both performed and taught on-page SEO for 20+ years. Diana spent eight years as the Marketing Director for the Institute for Divorce Financial Analysts® (IDFA®), and she has been a Certified Divorce Financial Analyst® since 2006. While at IDFA, she wrote, designed, and published The IDFA Marketing Guide, and she also created seminars for CDFA professionals to present to family lawyers (approved for CLE), as well as to separated and divorcing individuals. She has represented both DMG and IDFA at industry conferences and events across North America, and she has given marketing as well as divorce financial seminars at many of those conferences.