[[{“value”:”
LexisNexis Risk Solutions has disclosed a significant data breach affecting approximately 364,000 individuals after discovering that an unauthorized third party gained access to sensitive personal information through a compromised third-party software development platform.
The cybersecurity incident, which LexisNexis learned about on April 1, 2025, actually occurred on December 25, 2024, when attackers successfully acquired data from an external platform used for software development purposes.
The breach notification reveals that the incident did not directly compromise LexisNexis’s own internal networks or systems, but rather affected data stored on a third-party platform utilized for development activities.
The company, which provides risk management services to business customers, immediately launched a comprehensive investigation with assistance from leading external cybersecurity experts upon discovering the unauthorized access.
Law enforcement was promptly notified, and the organization initiated extensive security control reviews to prevent future incidents.
The compromised personal information varies by affected individual but potentially includes highly sensitive data such as names, contact information including phone numbers and postal or email addresses, Social Security numbers, driver’s license numbers, and dates of birth.
Notably, LexisNexis confirmed that no financial or credit card information was affected in this breach, and the company reports no evidence that the stolen data has been further misused.
The scope of 364,000 affected individuals makes this a substantial breach requiring mandatory notifications under various state and federal data protection regulations.
Third-Party Platform Vulnerabilities and Supply Chain Security
The LexisNexis incident highlights critical vulnerabilities in third-party software development platforms and the broader challenges of supply chain security management.
The breach occurred through what appears to be a compromised development environment, demonstrating how attackers increasingly target third-party vendors and service providers as entry points to access sensitive data from major organizations.
This attack vector has become particularly concerning for cybersecurity professionals as it exploits the trust relationships between organizations and their technology partners, often circumventing direct security measures implemented by the primary target.
LexisNexis has responded by offering affected individuals complimentary identity protection and credit monitoring services through Experian IdentityWorks for 24 months, along with identity restoration support.
The company established a dedicated helpline at 1-833-918-9002 for affected individuals and provided comprehensive guidance on credit monitoring, fraud alerts, and security freeze options to help mitigate potential identity theft risks.
Celebrate 9 years of ANY.RUN! Unlock the full power of TI Lookup plan (100/300/600/1,000+ search requests), and your request quota will double.
The post LexisNexis Risk Solutions Data Breach Exposes 364,000 individuals personal Data appeared first on Cyber Security News.
“}]]
Read More Cyber Security News