LexisNexis Data Breach: Limited Impact Despite Hackers’ Claims

LexisNexis Data Breach: Limited Impact Despite Hackers’ Claims

Posted on By CWS

LexisNexis Data Breach Confirmed

LexisNexis has verified a data breach following the release of sensitive data by hackers, although the company asserts that the fallout is minimal. The breach, reported by hackers on a cybercrime forum, involved an unsuccessful extortion attempt directed at the legal and risk solutions firm.

Details of the Cyber Intrusion

The breach was publicized on Tuesday when hackers disclosed their unauthorized access attempts. According to LexisNexis representatives, the intrusion involved some servers but primarily affected legacy systems holding outdated data from before 2020. The corporation assured that the core functions of their services remain uncompromised.

Compromised information includes customer names, user IDs, and contact details, in addition to IP addresses of survey respondents and support ticket data. Despite the breach, LexisNexis stated they have contained the situation and detected no impact on their operations.

Exploitation Techniques Used

Hackers reportedly exploited the React2Shell vulnerability and misconfigured AWS instances to extract over 2GB of data. The cybercriminals claimed access to a vast array of records, including corporate accounts, employee credentials, and sensitive personal information of around 400,000 individuals, with some government email accounts involved.

Data allegedly compromised includes names, emails, phone numbers, and job titles. The attack is said to have occurred in the preceding week, according to sources familiar with the hackers’ statements.

Historical Context of LexisNexis Breaches

LexisNexis has faced similar challenges previously. Last year, LexisNexis Risk Solutions confirmed that a breach involving a third-party vendor compromised data of over 360,000 individuals. Such incidents emphasize the ongoing challenges in protecting sensitive information against evolving cyber threats.

As companies continue to face cyber threats, the LexisNexis breach underscores the importance of robust cybersecurity measures and regular vulnerability assessments to safeguard sensitive data.

Security Week News Tags:, , , , , , , , ,

Related Posts

Dropzone AI Raises Million for Autonomous SOC Analyst Dropzone AI Raises $37 Million for Autonomous SOC Analyst Security Week News
Many Attacks Aimed at EU Targeted OT, Says Cybersecurity Agency Many Attacks Aimed at EU Targeted OT, Says Cybersecurity Agency Security Week News
Russian APT Exploiting 7-Year-Old Cisco Vulnerability: FBI Russian APT Exploiting 7-Year-Old Cisco Vulnerability: FBI Security Week News
UK Imposes M Fine on Reddit for Child Data Breaches UK Imposes $20M Fine on Reddit for Child Data Breaches Security Week News
CISA Warns of Two Exploited TeleMessage Vulnerabilities  CISA Warns of Two Exploited TeleMessage Vulnerabilities  Security Week News
Google DeepMind’s New AI Agent Finds and Fixes Vulnerabilities  Google DeepMind’s New AI Agent Finds and Fixes Vulnerabilities  Security Week News