from Hacker News

Data Breach at LexisNexis Risk Solutions

by susam on 5/29/25, 10:00 AM with 11 comments

  • by reverendsteveii on 5/29/25, 3:32 PM

    I look forward to the settlement in which the company that collects my information with no consent and no opt-out and then fails to secure that information offers me credit monitoring that I can already get for free. Some lawyers will get very rich, though.

  • by T3OU-736 on 5/29/25, 3:30 PM

    The relation between GutHub creds being compromised and persional (Social Security) numbers being accessed is not obvious, and feels weird.

    Were SSNs in a GH repo?

    Credentials for GH access grabted access to the database with SSNs in it?

    Those both seem, in their own right, quite bad.

  • by pards on 5/29/25, 11:49 AM

    > The threat actor had accessed the company’s GitHub account and accessed "some software artifacts as well as some personal information."

    LexisNexis offers software to perform credit checks and sanctions screening so access to their source code is arguably more valuable than any personal data - it could be used to sidestep the regulatory steps in the financial system and facilitate fraud, money laundering etc.

  • by prepend on 5/29/25, 11:08 AM

    The article says LNRS is headquartered in Atlanta, but it’s actually Alpharetta. [0]

    [0] https://en.wikipedia.org/wiki/LexisNexis_Risk_Solutions