June 2nd, 2025
Who:
LexisNexis Risk Solutions, a major U.S. data broker, experienced a data breach.
An unauthorized third-party accessed the company's GitHub repositories, a platform used for software development.
What:
On December 25, 2024, the breach occurred, compromising sensitive personal information of over 364,000 individuals.
Exposed data includes names, Social Security numbers, driver’s license numbers, and contact information.
The breach was discovered on April 1, 2025, and affected individuals are being notified.
Impact:
The compromised information poses risks of identity theft, fraud, and unauthorized surveillance.
The incident underscores vulnerabilities in third-party platforms and the need for stringent data protection measures, and third-party risk management.
It also highlights the potential consequences of delayed breach detection and notification.
This is a reminder that, even in the "right" hands, unless proper security controls are in place our data is never truly safe.
Recommendations:
For Individuals:
Monitor financial accounts and credit reports for suspicious activity.
Consider placing fraud alerts or credit freezes with major credit bureaus.
Utilize identity theft protection services to safeguard personal information.
For Organizations:
Implement robust security protocols for third-party platforms, vendors and repositories.
Conduct regular security audits and employee training on data protection.
Develop and maintain an incident response plan for timely breach detection and notification.
Read the full article HERE