LexisNexis Data Breach

Classifications:

* Attack Method: Insufficient Anti-automation
* Country: USA
* Outcome: Leakage of Information
* Vertical: Information Services

The LexisNexis data breach is not new, but we have recently decided to start tracking abuse of insufficient automation measures and are adding historical incidents.

In this incident a group of people opened accounts at data broker LexisNexis and used automated tools to extract a large amount of personal information provided by the service.

As usual in such cases there is a question of whether the attack was a criminal activity, violation of the license agreement of the information provider or plainly legal. In this regard it is interesting to note that the group arrested in the incident was also responsible for the hacking to Paris Hilton Vodafone account, which was clearly an unlawful act.