Data analytics giant LexisNexis says hackers accessed legacy data in breach

Source: The Record

LexisNexis confirmed that information leaked on a cybercriminal forum on Mar. 3 is legitimate and related to a recent security incident. The breach emerged when a threat actor claimed they stole 2 gigabytes of information that included millions of records, contact information that included .gov email addresses, account records for government agencies and law firms, passwords, IT incident tickets and more. A spokesperson for LexisNexis’ Legal & Professional division confirmed that a threat actor gained access to a “limited number of servers” that contained “mostly legacy, deprecated data from prior to 2020, including information such as customer names, user IDs, business contact information, products used, customer surveys with respondent IP addresses, and support tickets.” LexisNexis' Legal & Professional branch is a service provider for law firms and governments around the world, with nearly 12,000 employees and customers in 150 countries. Full Story