LexisNexis, TriZetto Hit by Data Breaches

Recent data breaches at LexisNexis and TriZetto Provider Solutions highlight persistent vulnerability and data exfiltration threats. The TriZetto breach exposed data of 3.4 million people.

The LexisNexis breach, executed by the group FulcrumSec, involved the theft of 2.04 GB of data, including 400,000 personal information records. The attackers exploited a React2Shell vulnerability in an unpatched application, gaining access to LexisNexis's AWS infrastructure. The compromised data primarily consisted of legacy information from before 2020, such as customer names, user IDs, and business contact details. The threat actor claimed to have obtained millions of records, including enterprise account data, employee credentials, and personal data, and also suggested they attempted extortion. LexisNexis has stated that the matter is contained and that there is no evidence of compromise to its products and services. This incident follows a 2024 breach at a third-party vendor that compromised the information of over 360,000 people.

The TriZetto breach exposed names, addresses, birth dates, Social Security numbers, health insurance details, and provider information of 3.4 million individuals. Unauthorized access to TriZetto's systems began in November 2024 and was detected on October 2, 2025. The attackers accessed historical eligibility transaction reports on a web portal used by healthcare providers. TriZetto is offering affected individuals 12 months of free identity protection services, including credit monitoring. The company has also implemented additional security protocols and engaged cybersecurity experts to investigate the incident. This breach ranks as one of the largest healthcare data breaches confirmed this year.

For Splunk engineers focused on DoD compliance, these breaches highlight the importance of detection rules for data exfiltration and identity-based attacks. Splunk can ingest syslog data to create detection rules for authentication failures, unauthorized access attempts, and suspicious network connections. Implementing a Zero Trust architecture, as mandated by the DoD, is crucial to continuously verify access requests and protect against both internal and external threats. The DoD Zero Trust framework is built on seven pillars, including User, Device, and Data, emphasizing continuous monitoring and automated responses.
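As an added illustration of the authentication-failure rule mentioned above (example code written for this briefing, not Splunk's own logic or anything from the LexisNexis or TriZetto investigations), the script below parses constructed sshd-style syslog lines and flags any source address that produces a burst of failed logins within a sliding window. The hostnames, addresses, usernames, threshold and window size are all assumptions; the same sliding-window logic is what an SPL `streamstats`/`bin`-based search would implement inside Splunk.

```python
"""Sliding-window detection of authentication-failure bursts in syslog.

Added example, not part of the original briefing. The log lines, hosts,
addresses, user names, threshold and window length are constructed
assumptions chosen to exercise the rule.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample syslog lines (RFC 3164 style, sshd messages).
# 203.0.113.7 fails five times in 14 seconds; 198.51.100.20 fails twice
# 25 minutes apart, which a burst rule should not flag.
SAMPLE_LOGS = """\
Oct  2 10:00:01 portal01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51012 ssh2
Oct  2 10:00:04 portal01 sshd[2213]: Failed password for invalid user admin from 203.0.113.7 port 51013 ssh2
Oct  2 10:00:08 portal01 sshd[2215]: Failed password for root from 203.0.113.7 port 51014 ssh2
Oct  2 10:00:11 portal01 sshd[2217]: Failed password for root from 203.0.113.7 port 51015 ssh2
Oct  2 10:00:15 portal01 sshd[2219]: Failed password for root from 203.0.113.7 port 51016 ssh2
Oct  2 10:00:40 portal01 sshd[2230]: Accepted publickey for deploy from 198.51.100.20 port 40001 ssh2
Oct  2 10:05:00 portal01 sshd[2240]: Failed password for jsmith from 198.51.100.20 port 40002 ssh2
Oct  2 10:30:00 portal01 sshd[2250]: Failed password for jsmith from 198.51.100.20 port 40003 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed password|Accepted \w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse_line(line, year=2025):
    """Return a dict for one sshd syslog line, or None if it does not match.

    RFC 3164 timestamps carry no year, so the year is supplied by the caller
    (assumed 2025 here to match the constructed sample).
    """
    m = LINE_RE.match(line)
    if not m:
        return None
    stamp = " ".join(m["ts"].split())  # collapse the double space in "Oct  2"
    return {
        "ts": datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S"),
        "host": m["host"],
        "result": m["result"],
        "user": m["user"],
        "src": m["src"],
    }


def detect_bruteforce(events, threshold=5, window_seconds=60):
    """Flag sources with >= threshold failed logins inside any window.

    Uses a two-pointer sliding window over each source's sorted failure
    timestamps, so a slow trickle of failures spread over hours is ignored
    while a tight burst is reported once per source.
    """
    failures = defaultdict(list)
    for e in events:
        if e["result"] == "Failed password":
            failures[e["src"]].append(e["ts"])

    alerts = []
    for src, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append({
                    "src": src,
                    "count": end - start + 1,
                    "first": times[start],
                    "last": times[end],
                })
                break  # one alert per source is enough for triage
    return alerts


def analyze(log_text, threshold=5, window_seconds=60):
    """Parse raw syslog text and return the list of burst alerts."""
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    return detect_bruteforce(events, threshold, window_seconds)


if __name__ == "__main__":
    for a in analyze(SAMPLE_LOGS):
        print(f"ALERT {a['src']}: {a['count']} failures between "
              f"{a['first']:%H:%M:%S} and {a['last']:%H:%M:%S}")
```

Running the script reports only 203.0.113.7; the two widely spaced failures from 198.51.100.20 stay below the window threshold, which is the property that keeps this kind of rule from paging on ordinary typos. The threshold and window are the two knobs to tune against a site's real baseline before the rule is promoted to an alert.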
