LexisNexis breach: Data broker hack exposed trove of sensitive information, including Social Security numbers
Data analytics firm LexisNexis Risk Solutions said it suffered a data breach that could have affected the names, Social Security numbers, driver’s license numbers, and contact information of more than 364,000 people. The company said in a filing with Maine’s attorney general that an “unauthorized third party” stole data from a third-party platform used for software development. A spokesperson told TechCrunch, which earlier reported of the breach, that an unknown hacker accessed its GitHub account. The breach dates back to last Christmas, though the company said it only discovered it on April 1. “Upon learning of the issue, we promptly launched an investigation with the assistance of leading external cybersecurity experts, notified law enforcement and took steps to review and further enhance our security controls,” LexisNexis said in a notice that’s being sent out to consumers. “We also initiated an extensive review of the impacted data to identify personal information that may have been affected.” Reached for comment by Fast Company, a spokesperson for LexisNexis Risk Solutions confirmed the third-party breach and emphasized that it did not contain financial or credit-card information. “There was no compromise of our own systems, infrastructure, or products,” the spokesperson said. “We are notifying approximately 360,000 individuals and appropriate regulators. We have also reported this incident to law enforcement.” Their market, your data LexisNexis is part of a massive industry where data brokers collect and sell access to personal and financial data for risk and fraud assessment. That information can have wide repercussions for consumers. For example, the New York Times reported last year that LexisNexis would receive driving data from automakers, which the firm would then sell to insurance companies, potentially leading to higher premiums. LexisNexis also operates a large database of legal documents and public records. The Consumer Financial Protection Bureau (CFPB) said in December that it planned to introduce rules that would limit the ability of data brokers to sell sensitive information on Americans. But the new Trump administration halted those operations, and the CFPB officially scrapped the plans earlier this month. “The Bureau is withdrawing this NPRM (notice of proposed rule making) in light of updates to Bureau policies,” its listing in the Federal Register said.
Data analytics firm LexisNexis Risk Solutions said it suffered a data breach that could have affected the names, Social Security numbers, driver’s license numbers, and contact information of more than 364,000 people.
The company said in a filing with Maine’s attorney general that an “unauthorized third party” stole data from a third-party platform used for software development. A spokesperson told TechCrunch, which earlier reported of the breach, that an unknown hacker accessed its GitHub account. The breach dates back to last Christmas, though the company said it only discovered it on April 1.
“Upon learning of the issue, we promptly launched an investigation with the assistance of leading external cybersecurity experts, notified law enforcement and took steps to review and further enhance our security controls,” LexisNexis said in a notice that’s being sent out to consumers. “We also initiated an extensive review of the impacted data to identify personal information that may have been affected.”
Reached for comment by Fast Company, a spokesperson for LexisNexis Risk Solutions confirmed the third-party breach and emphasized that it did not contain financial or credit-card information. “There was no compromise of our own systems, infrastructure, or products,” the spokesperson said. “We are notifying approximately 360,000 individuals and appropriate regulators. We have also reported this incident to law enforcement.”
Their market, your data
LexisNexis is part of a massive industry where data brokers collect and sell access to personal and financial data for risk and fraud assessment. That information can have wide repercussions for consumers.
For example, the New York Times reported last year that LexisNexis would receive driving data from automakers, which the firm would then sell to insurance companies, potentially leading to higher premiums. LexisNexis also operates a large database of legal documents and public records.
The Consumer Financial Protection Bureau (CFPB) said in December that it planned to introduce rules that would limit the ability of data brokers to sell sensitive information on Americans. But the new Trump administration halted those operations, and the CFPB officially scrapped the plans earlier this month.
“The Bureau is withdrawing this NPRM (notice of proposed rule making) in light of updates to Bureau policies,” its listing in the Federal Register said.
