Personal infos of 310,000 US citizens may have been stolen

Recent Press Releases

Reed Elsevier Group

LexisNexis concludes review into unauthorised access to US databases
12 April 2005


Issued on behalf of Reed Elsevier PLC and Reed Elsevier NV

Further to its announcement of 9 March 2005, Reed Elsevier announced today that LexisNexis, its global legal and business information division, has concluded its review of all data search activity across its business, including its Seisint unit.

The comprehensive review analysed data search activity going back over the last two full years and concluded that there were 59 incidents where unauthorised persons, predominantly using IDs and passwords of legitimate customers of Seisint, may have fraudulently acquired personal identifying information from its US risk management databases. LexisNexis estimates that information on approximately 310,000 US individuals in total may have been accessed. LexisNexis is notifying all these individuals and is offering free support services, including credit bureau reports, credit monitoring for one year and fraud insurance, to monitor and protect them from possible fraud associated with identity theft. LexisNexis will provide fraud counselling services or specialised assistance to any individual who has been the victim of identity theft related to these incidents. LexisNexis has alerted law enforcement authorities and is proactively assisting in their investigations of the potentially fraudulent misuse of the information acquired.

In March, LexisNexis notified approximately 30,000 individuals in relation to the incidents reported in the announcement of 9 March 2005, that criminals could have accessed their personal information. To date, approximately two percent of those individuals have contacted LexisNexis to accept its offer of free credit reports and credit monitoring, and none has so far advised LexisNexis that they have experienced any form of identity theft. The 30,000 individuals are included within the 310,000 total referred to above.

The incidents predominantly relate to misappropriation by third parties of IDs and passwords from legitimate customers of Seisint. The information concerned relates to names and addresses and other personal identifying information such as social security and driver's licence numbers. LexisNexis and Seisint databases do not hold personal credit histories, medical records or financial records on individuals. Neither the LexisNexis nor the Seisint technology infrastructure has been breached by hackers nor was any customer data compromised or accessed in these incidents. As indicated on 9 March 2005, LexisNexis and Seisint are implementing significant improvements to customers' password and ID administration security processes to help prevent future incidents. LexisNexis will continue its long established support of effective federal and state data privacy policies and practices.

As announced on 9 March 2005, the financial implications of the unauthorised access to LexisNexis databases are expected to be manageable within the context of LexisNexis' overall growth. Reed Elsevier also today reaffirmed its 2005 and longer term financial targets of at least 5% organic revenue growth and double digit adjusted earnings per share growth at constant rates of exchange.

Forward looking statements

This announcement contains forward-looking statements within the meaning of Section 27A of the US Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended. These statements concern future matters, such as the features and functions of, and markets for, products and services offered by Reed Elsevier, and Reed Elsevier's business plans and strategies. Forward-looking statements are based on the current expectations of the management of Reed Elsevier and are subject to risks and uncertainties. Actual results and events could differ materially from the results discussed in the forward-looking statements. Factors which could cause or contribute to differences in results include, but are not limited to, general economic conditions and business conditions in Reed Elsevier's markets, customers' acceptance of its products and services, the actions of competitors, legislative, fiscal and regulatory developments, changes in law and legal interpretation affecting Reed Elsevier's intellectual property rights, and the impact of technological change. Reed Elsevier is not under any obligation (and expressly disclaims any such obligation) to update or alter its forward-looking statements whether as a result of new information, future events or otherwise.


Notes to Editors

Reed Elsevier Group plc is a world leading publisher and information provider. It is owned equally by its two parent companies, Reed Elsevier PLC and Reed Elsevier NV. The parent companies are listed on the London, Amsterdam and New York Stock Exchanges, under the following ticker symbols: London: REL; Amsterdam: REN; New York: RUK and ENL. In 2004, Reed Elsevier made adjusted profit before taxation of £1,027 million/€1,510 million on turnover of £4,812 million/€7,074 million. The group employs 35,600 people, including approximately 22,000 in North America. Operating in the scientific, legal, educational and business-to-business sectors, Reed Elsevier provides high value and flexible information solutions to professional end users, with increasing emphasis on internet delivery.

- ENDS -

For further information please contact :
Catherine May: +44 (0)20 7166 5657
Patrick Kerr: +44 (0)20 7166 5646

News Releases April-June, 2005

LexisNexis Concludes Review of Data Search Activity, Identifying Additional Instances of Illegal Data Access

Company takes steps to notify consumers and provide monitoring and support to prevent identity theft

DAYTON, OH, April 12, 2005 - LexisNexis, a leading provider of legal, news and business information, said today it has completed an extensive review of data search activity at its recently acquired Seisint unit, as well as across its other businesses. Reed Elsevier announced that LexisNexis had initiated a review on March 9, after it identified a number of incidents of potentially fraudulent access to information at its recently acquired Seisint unit. The in-depth review analyzed data search activity for the past two years. LexisNexis has concluded that unauthorized persons, primarily using IDs and passwords of legitimate Seisint customers, may have acquired personal-identifying information, such as Social Security numbers (SSN) or Driver's License numbers (DLN), of individuals in the U.S. in some 59 incidents. LexisNexis has alerted law enforcement authorities and is proactively assisting in investigations.

In addition to the 30,000 individuals already notified, LexisNexis will begin notifying approximately 280,000 additional individuals whose information may have been acquired during these recently identified incidents. LexisNexis will offer free support services to individuals who receive the notification, to monitor and protect them from possible fraud associated with identity theft, including credit bureau reports, credit monitoring for one year and fraud insurance. In addition, LexisNexis will provide fraud counseling services or specialized assistance on a case-by-case basis to any individual who has been the victim of identity theft related to these instances.

"We have undertaken and completed this extensive review to ensure we have a clear understanding of the extent to which information on individuals may have been fraudulently acquired. We are taking action to notify individuals where we found some indication that they might have some risk of identity theft or fraud, even if that risk did not appear to be significant," said Kurt Sanford, CEO, Corporate and Federal Markets, LexisNexis. "We regret that consumers, who traditionally are the primary beneficiaries of our risk management products and services, may have been affected by these events. We have taken a number of significant actions in recent weeks to further guard against these types of fraudulent intrusions at our customer sites and to enhance our security procedures and policies overall."

The substantial majority of instances involved IDs and passwords stolen from Seisint customers that had legally permissible access to SSNs and DLNs for legitimate purposes, such as verifying identities and preventing and detecting fraud. Neither LexisNexis nor Seisint collect personal credit histories, medical records or individual financial records. At no time was the LexisNexis or Seisint technology infrastructure hacked into or penetrated nor was any customer data residing within that infrastructure accessed or compromised.

Customers whose passwords and IDs were compromised have been advised of the incidents. LexisNexis and Seisint are implementing multiple improvements to customers' password and ID administration and security processes. In addition, LexisNexis has further limited access to SSNs by extending its more restrictive policies to the Seisint business. This included truncating SSNs displayed in non-public documents and narrowing access to full SSNs and DLNs to law enforcement and a restricted group of legally authorized organizations, such as banks and insurance companies.

In March 2005, LexisNexis sent notices to approximately 30,000 individuals advising them that personally identifiable information could have been accessed by unauthorized persons. To date, a small number of those individuals have contacted the company to accept its offer of free credit reports and credit monitoring. Of that group, no individual has advised LexisNexis of having experienced any form of identity theft.

About LexisNexis

LexisNexis® U.S. (www.lexisnexis.com) is a leader in comprehensive and authoritative legal, news and business information and tailored applications. A member of Reed Elsevier Group plc [NYSE: ENL; NYSE: RUK] (www.reedelsevier.com), the company does business in 100 countries with 13,000 employees worldwide. In addition to its flagship Web-based Lexis® and Nexis® research services, the company includes some of the world's most respected legal publishers such as Martindale-Hubbell, Matthew Bender, Butterworths, JurisClasseur, Abeledo-Perrot and Orac.