On December 25, 2024, while most businesses were offline, a serious data breach struck LexisNexis Risk Solutions—exposing the personal data of over 360,000 individuals. The twist? The attack vector wasn’t a direct hack, but an indirect compromise through a third-party GitHub repository. Even more concerning, the breach went undetected until April 1, 2025.
In this episode, we break down the timeline, scope, and implications of the LexisNexis incident. We examine how the company’s own privacy principles—centered on accountability, security, and privacy-by-design—stack up against what actually happened.
We’ll also explore:
- The role of third-party platforms in modern breaches
- Why detection delays remain a persistent issue
- How this breach compares with past major incidents, like Equifax and Yahoo
- What this means for the future of privacy frameworks and enterprise security postures
As data breaches become increasingly common and complex, this case raises critical questions: Are published privacy principles enough? And what can companies do to truly align policy with practice?
🔐 Tune in to find out—and what enterprises must do to avoid being next.
