LexisNexis Risk Solutions

Data broker giant LexisNexis Risk Solutions, a Georgia-based American data analytics company, has revealed that attackers stole the personal information of over 364,000 individuals in a December breach. The data, which included names, contact information, Social Security numbers, driver’s license numbers, and dates of birth, was stolen from GitHub by an unknown threat actor using a compromised company account. The breach did not affect the company's own networks or systems, and no financial information was compromised. The company has warned affected individuals to monitor their account statements and credit reports for fraud and identity theft attempts, and will provide them with two years of free identity protection and credit monitoring services.

Source: https://www.bleepingcomputer.com/news/security/data-broker-lexisnexis-discloses-data-breach-affecting-364-000-people/

TPRM report: https://scoringcyber.rankiteo.com/company/lexisnexis-risk-solutions

"id": "lex1007052925",
"linkid": "lexisnexis-risk-solutions",
"type": "Breach",
"date": "5/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': '364,333 individuals',
                        'industry': 'Data Analytics',
                        'location': 'Georgia, USA',
                        'name': 'LexisNexis Risk Solutions',
                        'size': 'Over 11,800 employees',
                        'type': 'Data Analytics Company'}],
 'attack_vector': 'Compromised GitHub Account',
 'customer_advisories': 'Monitor for identity theft and fraud',
 'data_breach': {'data_exfiltration': True,
                 'number_of_records_exposed': '364,333',
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Names',
                                              'Contact Information',
                                              'Social Security Numbers',
                                              'Driver’s License Numbers',
                                              'Dates of Birth']},
 'date_detected': '2025-04-01',
 'date_publicly_disclosed': '2025-05-24',
 'description': 'Data broker giant LexisNexis Risk Solutions revealed that '
                'attackers stole the personal information of over 364,000 '
                'individuals in a December breach.',
 'impact': {'data_compromised': 'Personally Identifiable Information (PII)',
            'identity_theft_risk': 'High',
            'payment_information_risk': 'None'},
 'initial_access_broker': {'entry_point': 'Compromised GitHub account'},
 'investigation_status': 'Ongoing',
 'motivation': 'Data Theft',
 'post_incident_analysis': {'root_causes': 'Compromised company account on '
                                           'GitHub'},
 'recommendations': ['Monitor account statements and credit reports for fraud '
                     'and identity theft attempts'],
 'references': [{'source': 'BleepingComputer'}],
 'regulatory_compliance': {'regulatory_notifications': 'Maine Attorney '
                                                       "General's Office"},
 'response': {'communication_strategy': 'Data breach notifications sent to '
                                        'affected individuals',
              'incident_response_plan_activated': True,
              'remediation_measures': ['Free identity protection and credit '
                                       'monitoring services for 2 years'],
              'third_party_assistance': 'Forensic firm'},
 'threat_actor': 'Unknown',
 'title': 'LexisNexis Risk Solutions Data Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Compromised company account on GitHub'}