- Lexisnexis has suffered a data violation after a cyber attack
- Personal information was taken that affected around 360,000 users
- Not everyone is happy with the organization’s response timeline.
The data analysis and risk management firm Lexisnexis has revealed a cyber attack that resulted in the theft of data that affected 364,333 people.
In a notification letter sent to those affected, the company states that an “unauthorized part” obtained access to a third -party software development platform and stole the data.
According to the firm, no confidential personal information was accessed, or financial information or credit card, and infrastructure, systems and products of the organization also still do not compromise.
Affected information
“Our information security team, in consultation with a forensic firm, immediately began to investigate and confirmed that some data that were carried out in Github … were acquired by an unknown third party. Specifically, we have determined that some software artifacts were accessed, as well as certain personal information.” The registration.
The filtered information includes names, telephone numbers, email addresses, housing addresses, SSN and details of the driver’s license, sufficient to cause concern for any affected person. Take a look at the best identity robbery monitoring services if you worry.
However, not everyone is impressed with the Lexisnexus response timeline. Dr. Ilia Kolochenko, CEO of Immunweb, explains;
“The schedule of the detection and dissemination of incidents is a bit surprising for a company that offers legal services and other comparatively delicate services: the incident was detected in December 2024, it was detected in April 2025 after receiving information from the attackers of the attackers, while it was only revealed in May. Since it was reported that many personal data were committed, the time of detection of incidents and the response time are quite Far from being perfect, to express it, “.
“The legal consequences of this incident can cost many dollars to the non -compliance company: to be composed of regulatory sanctions, legal fees and a probable agreement with the victims. Unfortunately, as the practice demonstrates, the victims will probably obtain compensation of two or three digits of three or three digits for the incident in the best case scenario.”
Lexisnexis is far from being the first company to be affected by a violation like this, with companies such as CO-OP and Marks and Spencers that apologize for the effects of cyber attacks that affected retailers in May 2025.
