LexisNexis Data Breach Confirmed
LexisNexis has verified a data breach following the release of sensitive data by hackers, although the company asserts that the fallout is minimal. The breach, reported by hackers on a cybercrime forum, involved an unsuccessful extortion attempt directed at the legal and risk solutions firm.
Details of the Cyber Intrusion
The breach was publicized on Tuesday when hackers disclosed their unauthorized access attempts. According to LexisNexis representatives, the intrusion involved some servers but primarily affected legacy systems holding outdated data from before 2020. The corporation assured that the core functions of their services remain uncompromised.
Compromised information includes customer names, user IDs, and contact details, in addition to IP addresses of survey respondents and support ticket data. Despite the breach, LexisNexis stated they have contained the situation and detected no impact on their operations.
Exploitation Techniques Used
Hackers reportedly exploited the React2Shell vulnerability and misconfigured AWS instances to extract over 2GB of data. The cybercriminals claimed access to a vast array of records, including corporate accounts, employee credentials, and sensitive personal information of around 400,000 individuals, with some government email accounts involved.
Data allegedly compromised includes names, emails, phone numbers, and job titles. The attack is said to have occurred in the preceding week, according to sources familiar with the hackers’ statements.
Historical Context of LexisNexis Breaches
LexisNexis has faced similar challenges previously. Last year, LexisNexis Risk Solutions confirmed that a breach involving a third-party vendor compromised data of over 360,000 individuals. Such incidents emphasize the ongoing challenges in protecting sensitive information against evolving cyber threats.
As companies continue to face cyber threats, the LexisNexis breach underscores the importance of robust cybersecurity measures and regular vulnerability assessments to safeguard sensitive data.
