WASHINGTON (Reuters) - Data broker LexisNexis said on Tuesday that identity thieves have stolen information on 310,000 U.S. citizens from its computer systems, 10 times more than its initial estimate last month.
Thieves have used stolen passwords to lift Social Security numbers and other information from LexisNexis databases 59 times over the past two years, the company said.
Several similar incidents recently have prompted calls for greater regulation of companies that can create comprehensive profiles of nearly every adult in the United States.
"When a company like LexisNexis so badly underestimates its own ID theft breaches, it is clear that things are totally out of hand," said New York Democratic Sen. Charles Schumer.
Identity theft costs U.S. consumers and businesses $50 billion annually, according to government estimates.
After sending out letters to 32,000 people in March, LexisNexis will notify an additional 278,000 individuals whose profiles were accessed.
The company, which is owned by Anglo-Dutch publisher Reed Elsevier (REL.L) (ELSN.AS), said it will improve its security measures and make sensitive information less freely available.
The information accessed included names, addresses, Social Security numbers and driver's license numbers, but not credit histories, medical records or financial information, LexisNexis said.
LexisNexis said it has found no instances of identity theft among the roughly 600 people who have asked it to check their credit records so far.
A spokesman declined to elaborate on the breach, as the company and Secret Service are currently investigating.
Nearly all of the 59 incidents going back to January 2003 occurred at Seisint, a subsidiary based in Boca Raton, Florida that has drawn criticism from civil-liberties groups.
One Seisint database called the Matrix allows state law enforcers to quickly zero in on criminal suspects by sifting through vast amounts personal information -- from the color of someone's eyes to the type of car they drive.
LexisNexis bought Seisint in July 2004.
Rival data broker ChoicePoint Inc. in February announced that identity thieves had gained access to some 145,000 consumer profiles, while Bank of America said that same month that it had lost a shipment containing sensitive details of 1.2 million U.S. government customers.
LexisNexis CEO Kurt Sanford is scheduled to appear before the Senate Committee on Wednesday, along with ChoicePoint and Acxiom Corp., another data broker.
"We need to examine how to ensure that security practices meet appropriate standards of care," said Vermont Sen. Patrick Leahy, the committee's top Democrat.
Also on Tuesday, Schumer and Florida Democratic Sen. Bill Nelson introduced a bill that would require data brokers to tighten security measures and notify consumers when a security breach places them at risk for identity theft.
The Republican chairman of the House Energy and Commerce Committee, Rep. Joe Barton of Texas, said he is considering legislation that would make it illegal to sell Social Security numbers without an individual's permission.
Reed Elsevier moved to soothe investors' fears by reaffirming its earnings forecasts, saying the financial implications of the breach were expected to be manageable within the context of LexisNexis's overall growth.
Its shares closed down more than 1 percent in London and Amsterdam.
(Additional reporting by Bill Rigby in New York, Adam Pasick in London and Theo Kolker in Amsterdam)
Copyright 2005 Reuters Limited.
NOTE: For more telecom/internet/networking/computer news from the daily media, check out our feature 'Telecom Digest Extra' each day at. Hundreds of new articles daily.