 |
Privacy PleaseAuthor: Cameron Ivey
Tune into "Privacy Please," where hosts Cam and Gabe engage with privacy and security professionals around the planet. They bring expert insights to the table and break down complicated tech stuff everyone can understand. Language: en Genres: Comedy, News, Tech News Contact email: Get it Feed URL: Get it iTunes ID: Get it |
Listen Now...
S6, E244: They didn't hack in, they just logged in: The LexisNexis Security Incident
Tuesday, 3 June, 2025
Send us a textWe explore the recent LexisNexus data breach that exposed sensitive personal information of over 364,000 individuals through a third-party platform accessing their GitHub account. This incident highlights critical vulnerabilities in how data brokers handle our most sensitive information and raises questions about regulatory oversight.• Data exposed included names, date of birth, phone numbers, social security numbers, and driver's license numbers• The breach occurred when someone accessed the company's GitHub account through a third-party platform• Attackers likely found hard-coded credentials that allowed them to move laterally through systems • Data brokers operate with minimal regulation despite handling massive amounts of sensitive information• Better governance policies and automated privacy operations could significantly reduce these risks• Both technical solutions and regulatory approaches are needed to protect consumer dataBreach Occurred: December 25, 2024.Discovery: April 1, 2025.Public Notification: May 27, 2025.Notice Letters Sent: May 24, 2025.Shameless plus: Check out tools like Transcend's autonomous privacy operations to help prevent similar incidents and continue to monitor your privacy activities. Support the show
