Send us a text

We explore the recent LexisNexus data breach that exposed sensitive personal information of over 364,000 individuals through a third-party platform accessing their GitHub account. This incident highlights critical vulnerabilities in how data brokers handle our most sensitive information and raises questions about regulatory oversight.

• Data exposed included names, date of birth, phone numbers, social security numbers, and driver's license numbers
• The breach occurred when someone accessed the company's GitHub account through a third-party platform
• Attackers likely found hard-coded credentials that allowed them to move laterally through systems 

• Data brokers operate with minimal regulation despite handling massive amounts of sensitive information
• Better governance policies and automated privacy operations could significantly reduce these risks
• Both technical solutions and regulatory approaches are needed to protect consumer data

• Breach Occurred: December 25, 2024.
• Discovery: April 1, 2025.
• Public Notification: May 27, 2025.
• Notice Letters Sent: May 24, 2025.

Shameless plus: Check out tools like Transcend's autonomous privacy operations to help prevent similar incidents and continue to monitor your privacy activities.

Support the show