Possibly because corporations only go public with things like this when they're too big to disguise the repercussions.

Anyway...

Security Breach at LexisNexis Now Appears Larger
By HEATHER TIMMONS

LONDON, April 12 - Reed Elsevier, owner of the LexisNexis databases, said Tuesday that Social Security numbers, driver's license information and the addresses of 310,000 people may have been stolen, 10 times more than it originally reported last month.

The company said there were 59 separate instances in which unauthorized users "may have fraudulently acquired personal identifying information" through Seisint, a unit of LexisNexis. Seisint compiles information from government records and holds personal data about most American citizens. Its data is used by employers making hiring decisions, landlords choosing tenants and by debt collectors among others.

Unauthorized Seisint users often used log-in names and passwords that were assigned to legitimate customers, the chief executive of the LexisNexis Group, Kurt Sanford, said in an interview. LexisNexis found that the thieves were using the log-in names assigned to former employees of Seisint customers or were correctly guessing uncomplicated ID and password combinations or accessing customers' systems through a virus, Mr. Sanford said.

The announcement, along with reports earlier this year from ChoicePoint, another data broker, and Bank of America that personal information may have been stolen, added fuel to calls to regulate the $5 billion-a-year data-brokering industry. The Senate Judiciary Committee is currently holding hearings about the protection of personal data.

"This shows how we don't have a handle on how large and pervasive a problem identity theft really is," Senator Charles E. Schumer, Democrat of New York, said in an e-mail message. "When a company like LexisNexis so badly underestimates its own ID theft breaches, it is clear that things are totally out of hand."