LexisNexis Danger Options has disclosed a major knowledge breach affecting roughly 364,000 people after discovering that an unauthorized third celebration gained entry to delicate private info via a compromised third-party software program improvement platform.
The cybersecurity incident, which LexisNexis realized about on April 1, 2025, truly occurred on December 25, 2024, when attackers efficiently acquired knowledge from an exterior platform used for software program improvement functions.
The breach notification reveals that the incident didn’t immediately compromise LexisNexis’s personal inside networks or programs, however moderately affected knowledge saved on a third-party platform utilized for improvement actions.
The corporate, which supplies threat administration companies to enterprise prospects, instantly launched a complete investigation with help from main exterior cybersecurity specialists upon discovering the unauthorized entry.
Legislation enforcement was promptly notified, and the group initiated intensive safety management evaluations to stop future incidents.
The compromised private info varies by affected particular person however doubtlessly consists of extremely delicate knowledge comparable to names, contact info together with cellphone numbers and postal or e mail addresses, Social Safety numbers, driver’s license numbers, and dates of delivery.
Notably, LexisNexis confirmed that no monetary or bank card info was affected on this breach, and the corporate studies no proof that the stolen knowledge has been additional misused.
The scope of 364,000 affected people makes this a considerable breach requiring necessary notifications underneath varied state and federal knowledge safety laws.
Third-Social gathering Platform Vulnerabilities and Provide Chain Safety
The LexisNexis incident highlights vital vulnerabilities in third-party software program improvement platforms and the broader challenges of provide chain safety administration.
The breach occurred via what seems to be a compromised improvement surroundings, demonstrating how attackers more and more goal third-party distributors and repair suppliers as entry factors to entry delicate knowledge from main organizations.
This assault vector has change into notably regarding for cybersecurity professionals because it exploits the belief relationships between organizations and their know-how companions, typically circumventing direct safety measures carried out by the first goal.
LexisNexis has responded by providing affected people complimentary id safety and credit score monitoring companies via Experian IdentityWorks for twenty-four months, together with id restoration assist.
The corporate established a devoted helpline at 1-833-918-9002 for affected people and offered complete steering on credit score monitoring, fraud alerts, and safety freeze choices to assist mitigate potential id theft dangers.
Rejoice 9 years of ANY.RUN! Unlock the total energy of TI Lookup plan (100/300/600/1,000+ search requests), and your request quota will double.
