I’m betting the last 6 weeks have set hearts a racing in the top echelons, here’s another business challenge that the CEO so enjoys…..
The hacker group FulcrumSec is taking responsibility for a data breach of information from LexisNexis.
The group claims to have hacked into the LexisNexis servers on Feb. 24. It posted about the hack and alleged it got access to over 2 gigabytes of structured data.
“We exfiltrated 2.04 GB of structured data from LexisNexis AWS infrastructure – account [REDACTED] — via a vulnerable React container running under the [REDACTED] task role — which had been granted access to the production Redshift data warehouse, 17 VPC databases, AWS Secrets Manager and the Qualtrics survey platform. 536 Redshift tables. 430+ VPC database tables. Complete AWS Secrets Manager with 53 secrets. 3.9 million database records. Approximately 400,000 cloud user profiles with real names, emails, phone numbers, and job functions – 118 users with .gov email addresses: federal judges, DOJ attorneys, SEC staff, and federal court law clerks,” wrote a FulcrumSec member.
2 NEWS reached out to LexisNexis for information on the hack and its next steps. The company did not specify how much data was breached.
“LexisNexis Legal & Professional has investigated a security matter and based on the investigation and testing we have done to date, we believe the matter is contained. We have no evidence of compromise of or impact to our products and services. We engaged a preeminent cybersecurity forensic firm to assist in our investigation and response and have reported this issue to law enforcement,” wrote LexisNexis Legal and Professional spokesperson.
The spokesperson continued, explaining that multiple servers were reached by an unauthorized party. She said most of the data was older, from before 2020. It included customer names, user IDs, business contact information, products used, customer surveys with respondent IP addresses and support tickets.
“The impacted information did not contain Social Security numbers, driver’s license numbers, or any other sensitive personally identifiable information; credit card, bank accounts, or any other financial information; active passwords; or customer search queries, customer client or matter information, or customer contracts,” wrote the spokesperson.
She said the company works to safeguard customer information and has told anyone impacted.
“We take our responsibility to safeguard customer information extremely seriously and have informed impacted current and previous customers of this matter. We are continuing to investigate and have implemented containment and remediation steps, in coordination with our expert cybersecurity forensic firm,” wrote the spokesperson.
https://www.wkbn.com/news/ohio/lexisnexis-hacked-2-gb-of-structured-data-allegedly-exposed/
