- Lexisnexis suffered a data violation after a cyber attack
- Personal information has been taken with approximately 360,000 users
- Not everyone is satisfied with the organization’s response calendar
The lexisnexis risk analysis and risk management company has revealed a cyber attack that led to a data theft affecting 364,333 individuals.
In a notification letter sent to affected persons, the company says that a “unauthorized part” had access to a third-party software development platform and stole the data.
According to the company, no sensitive personal information has been accessible, no more financial information or credit cards, and the infrastructure, organizational systems and products also remain without compromise.
Affected information
“Our information security team, in consultation with a medical-legal company, immediately started investigating and confirmed that certain data that was in Github … were acquired by an unknown third party. More specifically, we have determined that certain software artefacts as well as certain personal information has been accessible, “said Lexisnexisis The register.
Disclosed information includes names, telephone numbers, e -mail addresses, domestic addresses, SSN and driving license details – enough to arouse the concern of any affected person. Take a look at the best identity flight monitoring services if you are concerned.
However, not everyone is impressed by the Lexisnexus response calendar. Dr. Ilia Kolochenko, CEO of Immuniweb, explains;
“The calendar of the detection and disclosure of incidents is a bit surprising for a company offering legal services and other relatively sensitive services: the incident would have been produced in December 2024, was detected in April 2025 after receiving information from the attackers, while timing is disclosed in May. Since many personal data would have been compromised. ”.
“The legal consequences of this incident can cost many dollars to the violation company – made up of regulatory sanctions, legal fees and a probable settlement agreement with the victims. Unfortunately, as the practice demonstrates, the victims will probably obtain two or three figures compensation for the incident in the best scenario. ”
LexISNEXIS is far from the first company to be affected by an offense like this, with companies like Co-OP and Marks and Spencers offering excuses for the effects of cyber attacks that hit retailers in May 2025.
