LexisNexis confirms data breach, says hackers hit customer and business info

News
By published

FulcrumSec leaked roughly 2GB of company data

Ransomware
(Image credit: Pixabay)
  • Hackers claim deeper access to LexisNexis data than company admits
  • Attack allegedly exposed government and corporate user data
  • LexisNexis insists stolen information is outdated

American analytics giant LexisNexis has confirmed suffering a data breach recently, but played down its importance by claiming the hackers only stole outdated and irrelevant data. The hackers, on the other hand, claim otherwise.

Recently, a threat actor calling itself FulcrumSec leaked 2GB of files on various underground forums, BleepingComputer reported, claiming it used React2Shell, an open source post-exploitation framework, against an unpatched React frontend app.

The group allegedly broke into a React container with access to hundreds of Redshift tables, VPC database tables, dozens of AWS Secrets Manager secrets (in plaintext) and employee password hashes, millions of database records, thousands of customer accounts, and more. From there, they were able to extract information related to more than 100 users with .gov email addresses, such as federal judges, US DoJ attorneys, SEC staff, and others. They also accessed roughly 400,000 cloud user profiles with real names, email addresses, phone numbers, and job functions.

Legacy, deprecated data

While LexisNexis did confirm the incursion, it played down its importance, saying the stolen data isn’t up to date, at all.

“These servers contained mostly legacy, deprecated data from prior to 2020, including information such as customer names, user IDs, business contact information, products used, customer surveys with respondent IP addresses, and support tickets,” a company spokesperson said.

“The impacted information did not contain Social Security numbers, driver’s license numbers, or any other sensitive personally identifiable information; credit card, bank accounts, or any other financial information; active passwords; or customer search queries, customer client or matter information, or customer contracts.”

FulcrumSec said it tried reaching out to LexisNexis (most likely demanding a ransom payment in exchange for deleting the data), but the company “decided not to work with us,” the crooks said.

LexisNexis now believes the attack is contained.

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.