Data brokers didn’t notify consumers of past breaches

Oh great, this is just what we wanted to hear. Apparently data brokers have decided not to bother alerting potential victims of any past security breaches that have happened. I am not really surprised as these people are not likely to fess up to anything unless a court makes them.

Two large data brokers that recently reported data breaches potentially affecting hundreds of thousands of U.S. residents have been compromised in the past and have not notified victims, executives from the two companies told a U.S. Senate committee Wednesday.

Executives from ChoicePoint and LexisNexis, under questioning from Senator Dianne Feinstein, told the Senate Judiciary Committee that they did not report some data breaches to potential victims before a California law requiring notification went into effect in 2003.

A LexisNexis executive also told the committee that law enforcement agencies have reported 10 incidents of potential identify fraud, in which new e-mail or credit card accounts were opened, related to a recent LexisNexis breach where about 310,000 U.S. residents’ records may have been compromised. [Read the rest]