

Data Broker Giant LexisNexis Says Breach Exposed Personal Information of Over 364,000 People (techcrunch.com) 47
An anonymous reader quotes a report from TechCrunch: LexisNexis Risk Solutions, a data broker that collects and uses consumers' personal data to help its paying corporate customers detect possible risk and fraud, has disclosed a data breach affecting more than 364,000 people. The company said in a filing with Maine's attorney general that the breach, dating back to December 25, 2024, allowed a hacker to obtain consumers' sensitive personal data from a third-party platform used by the company for software development.
Jennifer Richman, a spokesperson for LexisNexis, told TechCrunch that an unknown hacker accessed the company's GitHub account. The stolen data varies, but includes names, dates of birth, phone numbers, postal and email addresses, Social Security numbers, and driver license numbers. It's not immediately clear what circumstances led to the breach. Richman said LexisNexis received a report on April 1, 2025 "from an unknown third party claiming to have accessed certain information." The company would not say if it had received a ransom demand from the hacker.
Title Correction: (Score:5, Insightful)
"Giant Privacy Rapist LexisNexis Says Breach Exposed Personal Information of Over 364,000 People"
There, FTFY.
Re: (Score:3)
Pretty much. LexisNexis is like the private enterprise version of China's social credit score.
This was the company Chevy was selling their OnStar telemetry data to, so you could have your insurance premiums jacked up just for having the sort of driving patterns insurance companies consider to be high risk (which these days, is practically anything beyond leaving your car parked in the garage).
Re: Title Correction: (Score:3)
Zero Consent (Score:3)
Data breach and right to be forgotten (Score:2)
Seems that there would be a law that requires each and every affected person to be notified by US postal mail of a data breach and for that person to have a right to request that their data, including backups and anonymized data, be forgotten by the company who lost the data within 90 days of request.
The company would have to rebuild the anonymized data every 90 days.
Re: (Score:3)
Precisely this. Their number offends the median reader's intelligence without more context.
One possibility they could admit to: they left a data dump for a customer on an open S3 bucket or something like that.
Re: (Score:2)
Progressive Insurance partners with them and runs random reports to match people in their (LexisNexis) database with the same addresses listed and then adds them to your account with very little notice and requiring you to prove to Progressive that you don't have anyone else living at the address that has access to your car.
Random names and ethnicities with no tie to each other, other than "at one point in time LexisNexis *somehow* knew you lived here"
absolute scum of the fucking earth.
Re: (Score:2)
Progressive Insurance partners with them and runs random reports to match people in their (LexisNexis) database with the same addresses listed and then adds them to your account with very little notice and requiring you to prove to Progressive that you don't have anyone else living at the address that has access to your car.
Well, like most forms of insurance, much of auto insurance amounts to things that would be called 'fraud' if it wasn't done by Fortune-500 corps. "There's someone of driving age living at your address." "It's a condo with A, B, C and D units. Only I live in C." "The address matches in our database." "Fuck you, I'll get my insurance elsewhere."
The entire insurance industry including everyone above the level of call-center agent needs to be burned to the ground, and the ashes vacuum-compressed and launch
Re: (Score:2)
Indeed. Also, who of those responsible goes to prison? Nobody? Then this crap will continue.
Re: (Score:2)
SEBBY THE RAPIST trying to dilute the meaning of the word RAPE so he doesn't look so bad by comparison.
Here you go [slashdot.org] you clueless, spineless fuck.
Re: They had one job (Score:2)
There should be consequences but there won't be.
Re: (Score:2)
Google sells data, too. But they make damn sure that nobody gets the data without paying.
So it's only ... (Score:2)
Re: (Score:2)
True, but probably ultimately not any worse than services that require you to put in data for "account recovery" that can easily be found with a few minutes of open source intelligence research. "What is your favorite sports team?" Well, if I'm from Dallas maybe it's the Cowboys. "What is the city you were born in?" Duh. "What is your mother's maiden name?" Well, maybe she never married or changed it back after divorce, or is listed on Facebook or something? Ugh.
Most of the stuff we use for identification a
Re: (Score:1)
They could ask:
What happened to your first girlfriend:
Mine's in jail now
or:
What caused your last divorce:
Infidelity (Not mine).
That may be harder to look up, depending on how those answers changed.
Maybe:
What sex does your favorite pet have:
Male/Female, Neutered, Other
Or:
What car did you take your driver's test in.
What color did you paint your shack's bedroom in
Or:
What was the first video game you beat
Or:
How many seconds was the longest belch you've ripped off:
Or:
How many friends did you have in high
Re: (Score:2)
I was just asked this very question a couple of days ago, when setting up an account for my new eye doctor.
As I'm in my 70s, and took the test at 16, I have no clue as to what car I took it in.
Feel free to lie ... (Score:2)
-> What car did you take your driver's test in. I was just asked this very question a couple of days ago, when setting up an account for my new eye doctor. As I'm in my 70s, and took the test at 16, I have no clue as to what car I took it in.
They don't verify the correctness of the answer. They just verify it's the same answer as before. Feel free to lie, so long as it's a lie you can remember. :-)
Re: (Score:2)
D'oh, I keep forgetting that, so it was in my Lamborghini Miura...
Re: (Score:3)
True, but probably ultimately not any worse than services that require you to put in data for "account recovery" that can easily be found with a few minutes of open source intelligence research.
You could, and should, put whatever you want in those questions.
Q: What is your favorite car?
A: 3d40fcf543b5449457c128e0724006d2
Q: What is your mother's maiden name?
A: 081a69e45f646ccfb32b826c1ee40e7a
etc etc
Re: (Score:2)
Sure. But the reality is that most people don't, so it's just opening another vector of attack.
You can answer a different question (Score:2)
Is this the ultimate in security? No. You just want the hackers to think they are spending too much time on you and move on to someone else.
justice (Score:2)
Anyone affected by the breach will receive one (1) free year of credit monitoring which will automatically renew at the standard rate of $999.99/year!
Re: (Score:3)
To check whether you need this credit monitoring, please fill in our form (link) giving your SSN, date of birth, full names (including previous names if applicable), address, income, current and recent automobile models, estimated socio-economic class (use our wizard if unsure), list of current devices (use your Google account to help automatically collate your list), body and genital measurements (simply accept all privileges requested, including remote control and our new AI system will guide you to avoid
So, they exported real data to GitHub??? (Score:4, Insightful)
Re: (Score:1)
Move fast and break things. ;-)
So LexisNexis' only complaint here... (Score:4, Funny)
Re: (Score:2)
So LexisNexis' only complaint here is that the privacy raping they charge their corporate customers for will now be done for free.
And this ladies and gentlemen... erm... maybe just gentlemen... is why they want you to hate GDPR style laws. They want you to think it's just annoying cookie popups when really it's a system of laws making selling your private data without your permission illegal and serious punishments for allowing private data to be stolen (i.e., due to poor storage procedures).
They make billions selling your private information and then lose it anyway.
LexisNexis isn't the problem (Score:4)
Lack of laws that make data brokers illegal is the problem. They have no reason to exist and don't offer anything of value to society.
Re: (Score:3)
True. Oh, and look, they are effectively illegal under the GDPR...
Winning! (Score:2)
Earlier this month, the Trump administration scrapped a plan that would have restricted data brokers from selling Americans’ personal and financial information, including Social Security numbers. White House official Russell Vought wrote in a Federal Register notice that the Biden-era rule, which would have required data brokers to follow the same federal privacy rules as credit bureaus and renter-screening companies, was “not necessary or appropriate,” despite long-standing calls by privacy advocates to close the loophole.
Winning! I can't believe all the winning! Of course, Biden didn't actually implement said rule after someone used his auto-pen to sign it while he was trying to navigate the stairs in the White House, but who cares? Have you ever seen so much winning?
And the dumbasses at LexisNexis who exported live data to GitHub? WINNERS!
Well that's embarrassing...... (Score:2)
The biggest problem with LN (Score:1)
The biggest problem with LN is that they are acting as a dark credit bureau without being licensed or registered as a credit bureau, and without complying with any of the regulations that apply to credit bureaus.
Whenever you see a prompt "find out if you qualify without affecting your credit score!" it's because they are using LN for their credit data source and not one of the regulated bureaus, and they make it very difficult for you to obtain what they have on you.
I did it last year and I was shocked at w
Re: (Score:2)
Data Broker Funds (Score:1)
Companies that deal in sensitive data (cc #s, ssns, addresses) should be required to fund everyone having free access to their credit reports.
LNRC Breach: Negligence and Political Sabotage (Score:2)
LexisNexis Risk Solutions just leaked the personal data of over 364,000 people—including Social Security numbers and driver’s licenses—because they let a hacker waltz into their GitHub account. Yes, GitHub. The place you store code, not production PII. This wasn’t a sophisticated nation-state exploit. This was gross negligence disguised as DevOps convenience.
LexisNexis, a billion-dollar data broker that sells risk models to insurers and law enforcement, treated sensitive identity dat