CyberSecurity news
FlagThis
Zack Whittaker@techcrunch.com
//
Data broker giant LexisNexis has disclosed a significant data breach affecting over 364,000 individuals. The breach targeted LexisNexis Risk Solutions (LNRS), a unit specializing in "know your customer," risk assessment, due diligence, and law enforcement assistance. An unauthorized party gained access to a third-party software development platform utilized by LNRS, resulting in the theft of sensitive personal data.
The intrusion, which occurred on December 25, 2024, was detected by LexisNexis on April 1, 2025. Initial reports indicate that the stolen data includes names, phone numbers, home addresses, email addresses, Social Security numbers, driver's license numbers, and dates of birth. While LexisNexis asserts that its own systems and infrastructure were not compromised, the breach raises concerns about the security of data entrusted to third-party vendors. The company stated that "No financial, credit card, or other sensitive personal information was accessed".
LexisNexis is notifying affected individuals and relevant regulators about the breach. The company also reported the incident to law enforcement. They are offering affected individuals 24 months of identity protection and credit monitoring through Experian. The incident highlights the vulnerability of personal data within the data broker industry and comes shortly after the scrapping of a Biden-era rule intended to restrict data brokers from selling Americans’ sensitive information.
ImgSrc: techcrunch.com
References :
The intrusion, which occurred on December 25, 2024, was detected by LexisNexis on April 1, 2025. Initial reports indicate that the stolen data includes names, phone numbers, home addresses, email addresses, Social Security numbers, driver's license numbers, and dates of birth. While LexisNexis asserts that its own systems and infrastructure were not compromised, the breach raises concerns about the security of data entrusted to third-party vendors. The company stated that "No financial, credit card, or other sensitive personal information was accessed".
LexisNexis is notifying affected individuals and relevant regulators about the breach. The company also reported the incident to law enforcement. They are offering affected individuals 24 months of identity protection and credit monitoring through Experian. The incident highlights the vulnerability of personal data within the data broker industry and comes shortly after the scrapping of a Biden-era rule intended to restrict data brokers from selling Americans’ sensitive information.
ImgSrc: techcrunch.com
Share:
References :
- The Register - Software: Attack on LexisNexis Risk Solutions exposes data on 300k +
- Zack Whittaker: New, by me: Data broker giant LexisNexis has revealed that its risk solutions unit (think "know your customer," risk assessing, due diligence, and law enforcement assistance) was breached, affecting the personal data and Social Security numbers of at least 364,000 people.
- techcrunch.com: Data broker giant LexisNexis says breach exposed personal information of over 364,000 people
- www.itpro.com: Breach at data analytics firm impacts 364,000 people
- www.techradar.com: Over 364,000 people have personal info leaked following hack on data broker LexisNexis
- ciso2ciso.com: Attack on LexisNexis Risk Solutions exposes data on 300k + – Source: go.theregister.com
Classification:
- HashTags: #DataBreach #LexisNexis #Privacy
- Company: LexisNexis
- Target: Individuals
- Product: Risk Solutions
- Feature: Data Exposure
- Type: DataBreach
- Severity: Major