Lexis-Nexis made public notification of a data breach that federal authorities say is tied to a New York mafia crime family. The New York-based company has sent more than 13,000 letters to former customers whose personal data may be at risk. The 13,000 customers may have been targeted for extortion and identity theft.

Earlier in May, the U.S. Attorney General's office in Southern District of Florida handed down an indictment charging 11 men with racketeering conspiracy. The 11 had ties to the Bonnano organized crime family.

"The former Seisint customer involved in this matter should have provided notice to potentially affected individuals," says a Lexis-Nexis representative (Seisint is a company owned by Lexis-Nexis). "However, because the customer is no longer in business, we provided the notice."

The alleged suspect, Lee Klein, one of the 11 charged in the indictment, "was an employee of a former Seisint customer who misused his employer's Accurint access. As such, we notified all individuals whose information could have been viewed in connection with the limited searches that law enforcement believed were unauthorized. We provided notice in accordance with the law because the customer was no longer in business," the Lexis-Nexis representative says.

Accurint is used by law enforcement and other entities to verify identity and locate people. Lexis-Nexis says 13,329 letters were sent to individuals on behalf of Seisint's former customer in connection with this investigation.

Click to Get Updates on the Latest Information Security News

Company* Title* Email* Subscription Type: HTML Text Government Enews General Government Enews Blogs Enews Careers Enews Training Enews Webinars Enews Podcasts Enews White Papers Enews Banking Enews General Banking Enews Blogs Enews Careers Enews Training Enews Webinars Enews Podcasts Enews White Papers Enews Credit Union Enews General Credit Union Enews Blogs Enews Careers Enews Training Enews Webinars Enews Podcasts Enews White Papers Enews Need Help?

How it Happened
According to the indictment, Klein worked for the criminal "crew" of Thomas Fiore, an associate of the Bonanno organized crime family.

The indictment alleges that Klein illegally used "information obtained from computer databases in order to acquire identification information regarding potential victims of extortion" and people suspected by Fiore's criminal organization of being involved with law enforcement.

Klein allegedly provided Fiore with "corporation names, addresses and account numbers to facilitate the manufacture and negotiation of counterfeit checks."

In addition, the indictment alleges that members of the criminal crew used threats of force and violence, including conspiracy to commit murder, to advance the objectives of the enterprise.

Security Experts React to Mob Ties
"Although sensational in its headline 'Mob Steals Data,' we perhaps should focus on how the data was accessed and what was contained in the information," says information security and privacy expert Kevin Nixon, CISSP, CISM, CGEIT. "We are experiencing some most extraordinary events related to global businesses, economics and confidential information movement via the merger and acquisition of companies, networks, databases and entire systems."

Analyst Nick Holland sees this case is indicative of the way that data breaches are becoming the work of organized crime syndicates, both overseas and domestically. "The relative ease with which sensitive data can be acquired by either high tech (malware) or low tech (placing a criminal within an organization) means makes it attractive for organized criminals that have the resources to execute such attacks," says Holland, of the Aite Group.

The Bonanno crime family was making money from the sale of unauthorized identification documents (including social security numbers and health and life insurance applications). "If the mafia considers that selling sensitive information is a legitimate line of business, then clearly the days of just amateurs committing breaches are well behind us," Holland observes.

The increased presence of organized crime in computer-related crime is troubling to say the least, says information security expert Avivah Litan, an analyst at the Gartner Group. "This is something I've been hearing from law enforcement and prosecutors for some time, that organized crime is becoming involved in identity theft. It's not just the Russian mob or the new mafia that is becoming involved in this, it's the old mafia too. Why? Because it is a much simpler crime, they can put down their guns and there's no blood involved," Litan notes.

One of the "old school" tactics that the organized crime figures use, says Litan, is going to the local watering holes and seducing young girls and finding out where they work. The mob's tactic of dating new employees who work at companies that have access to customer data leads to Litan's warning, "He's not after your heart; he's after your data."