LexisNexis Data Breach Exposes Sensitive Information of 364,000 Individuals
LexisNexis Risk Solutions, a major data brokerage firm, confirmed that a cyberattack on its GitHub account over the Christmas holiday led to the theft of personal data belonging to over 364,000 individuals. The breach, carried out by an unidentified hacker, resulted in the exfiltration of sensitive details, including names, birthdates, Social Security numbers, phone numbers, postal and email addresses, and driver’s license numbers.
According to LexisNexis spokesperson Jennifer Richman, the company’s GitHub repository used for software development was compromised, though further details about the intrusion remain unclear. The incident follows an earlier claim in April that an unknown third party had breached LexisNexis, though the connection between the two events is not yet confirmed.
The breach occurs amid regulatory uncertainty, as a proposed Biden administration rule aimed at restricting data brokers from selling personal and financial data was scrapped under the Trump administration. Acting Consumer Financial Protection Bureau Director Russell Vought dismissed the need for federal privacy regulations for data brokers, leaving oversight gaps in the industry. The full impact of the breach and potential misuse of the stolen data remains under investigation.
Source: https://www.scworld.com/brief/over-364k-impacted-by-lexisnexis-breach
TPRM report: https://www.rankiteo.com/company/emailage
"id": "ema1765195852",
"linkid": "emailage",
"type": "Breach",
"date": "5/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '364,000 individuals',
'industry': 'Information Services',
'name': 'LexisNexis Risk Solutions',
'type': 'Data Brokerage Firm'}],
'attack_vector': 'GitHub account compromise',
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': '364,000',
'personally_identifiable_information': 'Names, birthdates, '
'Social Security '
'numbers, phone '
'numbers, postal and '
'email addresses, '
"driver's license "
'numbers',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Personal Identifiable '
'Information (PII)'},
'description': 'Major data brokerage firm LexisNexis Risk Solutions had '
'information from over 364,000 individuals stolen following a '
'Christmas cyberattack against GitHub, which the company uses '
"for software development. The infiltration of LNRS' GitHub "
'account allowed the hacker to exfiltrate sensitive personal '
'data.',
'impact': {'data_compromised': 'Names, birthdates, Social Security numbers, '
'phone numbers, postal and email addresses, '
"driver's license numbers",
'identity_theft_risk': 'High',
'systems_affected': 'GitHub repository'},
'initial_access_broker': {'entry_point': 'GitHub account'},
'references': [{'source': 'TechCrunch'}],
'threat_actor': 'Unknown',
'title': 'LexisNexis Risk Solutions Data Breach via GitHub Compromise',
'type': 'Data Breach'}