Data Breach at LexisNexis Risk Solutions

40 points by susam 5 days ago | 11 comments
  • reverendsteveii 4 days ago
    I look forward to the settlement in which the company that collects my information with no consent and no opt-out and then fails to secure that information offers me credit monitoring that I can already get for free. Some lawyers will get very rich, though.
    • jayemar 4 days ago
      How do you get free credit monitoring?
    • T3OU-736 4 days ago
      The relation between GutHub creds being compromised and persional (Social Security) numbers being accessed is not obvious, and feels weird.

      Were SSNs in a GH repo?

      Credentials for GH access grabted access to the database with SSNs in it?

      Those both seem, in their own right, quite bad.

      • paddw 4 days ago
        sure sounds like it

        “An unauthorized third party acquired certain LNRS data from a third-party platform used for software development. The issue did not affect LNRS’s own networks or systems,” the company said

        • jeffwask 4 days ago
          As an Ops guy, this was my reaction too.
        • pards 4 days ago
          > The threat actor had accessed the company’s GitHub account and accessed "some software artifacts as well as some personal information."

          LexisNexis offers software to perform credit checks and sanctions screening so access to their source code is arguably more valuable than any personal data - it could be used to sidestep the regulatory steps in the financial system and facilitate fraud, money laundering etc.

          • 6stringmerc 4 days ago
            Now add in the growing trend of using AI generated video / voice emulation and it’s a highly effective attack vector.

            It’s already been used to direct funds in Asia from an actual financial institution to thieves. People still get phished on the regular. This is next level.

          • prepend 4 days ago
            The article says LNRS is headquartered in Atlanta, but it’s actually Alpharetta. [0]

            [0] https://en.wikipedia.org/wiki/LexisNexis_Risk_Solutions

            • hackernewshomos 4 days ago
              [flagged]
              • logic_node 4 days ago
                [flagged]
                • gruez 4 days ago
                  AI generated comment? Comment history also shows a pattern of comments.
                  • _xander 4 days ago
                    Wow—this being an AI generated comment is certainly a possibility. The proliferation of LLMs in online discussion spaces is accelerating and radically reshaping the modern web.

                    Identifying AI-generated comments often involves spotting patterns in tone, structure, and content. Here are the most common indicators: [1] Overly polished or formulaic structure, [2] Repetition or redundancy, [3] Unnatural verbosity or vagueness, [4] Subtle logical gaps (e.g., "LLMs are radically reshaping the modern web")

                    • Alive-in-2025 4 days ago
                      Could be. The acct name plus the comments all seem to have a certain kind of tonal quality, generic positive and no typos, the fact eal sign of humanity. It also has a lot of karma for a new account.