June 3, 2025 15 mins

We explore the recent LexisNexis data breach that exposed sensitive personal information of over 364,000 individuals through a third-party platform accessing their GitHub account. This incident highlights critical vulnerabilities in how data brokers handle our most sensitive information and raises questions about regulatory oversight.

• Data exposed included names, date of birth, phone numbers, social security numbers, and driver's license numbers
• The breach occurred when someone accessed the company's GitHub account through a third-party platform
• Attackers likely found hard-coded credentials that allowed them to move laterally through systems 

• Data brokers operate with minimal regulation despite handling massive amounts of sensitive information
• Better governance policies and automated privacy operations could significantly reduce these risks
• Both technical solutions and regulatory approaches are needed to protect consumer data

  • Breach Occurred: December 25, 2024.
  • Discovery: April 1, 2025.
  • Public Notification: May 27, 2025.
  • Notice Letters Sent: May 24, 2025.
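The episode's mitigation advice is to scan repositories for hard-coded credentials before they are committed and to layer that check rather than rely on a .gitignore alone. The following is an added example of such a pre-commit scanner; it is not code from the podcast, from LexisNexis, or from GitHub's own secret scanning. The AWS access key ID shape (AKIA plus 16 characters) and the classic GitHub PAT shape (ghp_ plus 36 characters) are the published formats; the generic assignment rule, the placeholder markers, the entropy threshold, the function names and every sample file are assumptions constructed for illustration.

```python
"""Scan files staged for commit for hard-coded credentials.

Added example for this page; not code from the podcast, LexisNexis or GitHub.
Only the AKIA/ghp_ token shapes are published formats; everything else here
(rule names, placeholder markers, entropy threshold, sample files) is assumed.
"""
import math
import re
from typing import Dict, List, NamedTuple


class Finding(NamedTuple):
    path: str
    line: int
    rule: str
    severity: str
    preview: str  # redacted, so the report itself never leaks the secret


RULES = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github-pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    # key-ish name, '=' or ':', then a quoted value of at least 8 characters
    "generic-assignment": re.compile(
        r"(?i)(password|passwd|secret|api[_-]?key|token)\s*[=:]\s*['\"]([^'\"]{8,})['\"]"
    ),
}

# Values like "${DB_PASSWORD}" or "<your-key-here>" are templates, not live secrets.
PLACEHOLDER_MARKERS = ("${", "{{", "<", "CHANGEME", "EXAMPLE", "xxxx")
HIGH_ENTROPY_BITS = 3.5  # assumed threshold separating generated keys from plain words


def shannon_entropy(value: str) -> float:
    """Bits per character of the value; generated keys score high, words low."""
    if not value:
        return 0.0
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in (value.count(ch) for ch in set(value)))


def redact(value: str) -> str:
    """Keep just enough of the value to locate it in the file."""
    return value[:4] + "..." + value[-2:] if len(value) > 8 else "..."


def scan_text(path: str, text: str) -> List[Finding]:
    """Apply every rule to every line; returns findings in line order."""
    findings: List[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in RULES.items():
            for match in pattern.finditer(line):
                value = match.group(2) if rule == "generic-assignment" else match.group(0)
                if any(marker in value for marker in PLACEHOLDER_MARKERS):
                    continue  # templated value injected at deploy time: not a finding
                # Known token shapes are always high; generic matches are graded by entropy
                if rule != "generic-assignment" or shannon_entropy(value) >= HIGH_ENTROPY_BITS:
                    severity = "high"
                else:
                    severity = "medium"
                findings.append(Finding(path, lineno, rule, severity, redact(value)))
    return findings


def scan_files(files: Dict[str, str]) -> List[Finding]:
    """files maps repo path -> content, e.g. what `git diff --cached` would show."""
    findings: List[Finding] = []
    for path in sorted(files):
        findings.extend(scan_text(path, files[path]))
    return findings


def should_block_commit(findings: List[Finding]) -> bool:
    """Block on any finding; a .gitignore is one layer, not the whole defence."""
    return len(findings) > 0


# Constructed sample of staged files; every credential below is fake by construction.
SAMPLE_FILES = {
    "config/settings.py": (
        'DB_PASSWORD = "${DB_PASSWORD}"  # injected at deploy time\n'
        'API_KEY = "sk-CONSTRUCTED-f8a2c19e7b4d"\n'
    ),
    "scripts/sync.sh": (
        "#!/bin/sh\n"
        "export AWS_ACCESS_KEY_ID=AKIACONSTRUCTEDKEY01\n"
        "export GITHUB_TOKEN=ghp_0123456789abcdefghijklmnopqrstuvwxyz\n"
    ),
    "README.md": "Set API_KEY in your environment; never commit it.\n",
}

if __name__ == "__main__":
    results = scan_files(SAMPLE_FILES)
    for f in results:
        print(f"{f.path}:{f.line} [{f.severity}] {f.rule} {f.preview}")
    raise SystemExit(1 if should_block_commit(results) else 0)
```

Run on the constructed sample, the scanner reports the API key, the AWS key ID and the GitHub token and exits non-zero, while the templated `${DB_PASSWORD}` is skipped; wiring the script into a pre-commit hook gives the local layer the episode asks for, alongside a hosted scanner on the remote.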

Shameless plug: Check out tools like Transcend's autonomous privacy operations to help prevent similar incidents and continue to monitor your privacy activities.



Episode Transcript

Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:00):
All righty then.
Ladies and gentlemen, welcome back to another episode of Privacy Please.
Cameron Ivey here with Gabe Gumbs, we're just hanging out, we're chatting, there's some things going on every day.

Speaker 2 (00:10):
We're bopping and scatting.
Yes, we are bopping and scatting.
By the way, have you seen Sinners yet? Negative?
I have not.
I've heard that I should, but... Absolutely, yeah, 100, absolutely yeah, 100, yeah.

Speaker 1 (00:29):
Go see it if you're a fan of music and history and just a good overall movie and a little bit of horror thrown in there.
I like Sinners, they're my people. So good, so good.
I mean, anyways, we don't have to dig into that, obviously.
But if you ever get a chance, phenomenal movie there, a phenomenal movie.
There's a lot of haters, but there's always haters.
Don't at us, don't at us.
Gabe, you doing all right, man, how are things?

Speaker 2 (00:53):
Doing well.
I'm doing well out here, surviving in a land of privacy and security, mostly security at the moment.
But you know, how are you doing over there in privacy land?

Speaker 1 (01:03):
Privacy land is good. We...

Speaker 2 (01:06):
Privacy land is good.
We're living the dream, are you?
Because I heard there was an incident recently.

Speaker 1 (01:14):
One of the biggest data brokers.
There definitely was.
Let's talk about it.
LexisNexis, you are up on the hot seat, the intersection of privacy and security.

Speaker 2 (01:25):
So there was a security breach at a data broker, right?
Like you want to talk about the ultimate intersection of, like, bad things happening in privacy and bad things happening in security.
Companies getting breached, naughty.
Data broker getting breached, all the naughty, oh yeah.

Speaker 1 (01:41):
Let's break it down.

Speaker 2 (01:42):
They got breached.
As I understand it, someone accessed LexisNexis's GitHub account through a third-party platform.
Now what I find interesting about that as the source of the breach is, we have a saying amongst us hackers, ethical and otherwise: we don't usually hack in, if we're being honest, we usually just

(02:03):
log in.
We don't usually hack in, if we're being honest.

Speaker 1 (02:06):
We usually just log in, because humans suck at managing secrets.

Speaker 2 (02:10):
They just do. Humans are really bad at managing all kinds of secrets, and so that LexisNexis had their GitHub account accessed through a third-party platform is unfortunate and, for what it's worth, I do feel for the people at LexisNexis.
Some really good folks over there doing some solid work.
Mostly, I like the platform.
I'm not a big fan of data brokers though. I'm not a big fan of data brokers at all.

(02:30):
Everyone knows how I feel about data brokers, so there's that.
We're not going to harp on that too much, but there was a whole lot of data exposed.
What did they expose?
Names, dates of birth, phone numbers, email, social security numbers, driver's license numbers, right?
Not just like email addresses and passwords, but like real sensitive data, socials, driver's licenses, the kind of stuff that can do a lot of actual harm, a lot of real harm.

Speaker 1 (02:52):
Yeah, that's why I bet you someone here listening has had their information used for someone opening up an account or a new cell phone plan or something to that matter.

Speaker 2 (03:05):
I don't know what the numbers are because I don't follow them, but I'd put good cash that it's a calculable percentage of our listeners that have come across...

Speaker 1 (03:15):
Something, even if it was just minor. It had, what was it?
Over 364,000 people were affected by this.

Speaker 2 (03:22):
You could say, well, in a nation of 480 million people, Gabe, that's not a lot of people.
Huh, you could say that, you could, but say that to 64,000 plus people, which you might be one of them.

Speaker 1 (03:33):
Right, you might be, so you might want to go find out.

Speaker 2 (03:36):
Yeah.
So what does this mean?

(03:56):
Why is this important?
What does this mean for...?
And then for...?
The data brokers have some fabulous lobbies as well.
It's been hard to raise this alarm, even amongst consumers.
Honestly, I know they get it, I know they know it, but actively coming together and organizing is difficult, and those very same lobbies will equally put efforts towards ensuring

(04:17):
that consumers don't come together on this, but it continues to raise that alarm about how data brokers handle sensitive data.
Having a third party be able to access the company's GitHub account, it's problematic enough.
What we don't know is whether or not, for example, there was sensitive data sitting in the GitHub account, and that's how they then got the sensitive data, because that would be extra bad.
Why do you have people's sensitive data sitting in GitHub?

(04:40):
The truth is, they probably got to the company's GitHub account.
The GitHub account probably had some secrets hard-coded inside of it.
The secrets were then used to further move laterally inside of the account and then elevate privileges, et cetera, et cetera, et cetera, again logged in the whole way.
They just logged their way right through the 364,000 of

(05:02):
these.

Speaker 1 (05:03):
It's just like a house party going on, and then they just walked right through the front door.

Speaker 2 (05:07):
Grab a red cup at the door, taps in the back.

Speaker 1 (05:12):
Just went into all the bedrooms, yeah.

Speaker 2 (05:15):
Put his feet up on.

Speaker 1 (05:16):
Just made a sandwich, yeah yeah, yeah, whoa, whoa, nobody noticed.

Speaker 2 (05:19):
Whoa whoa, no good, no good, yeah.
And this happened back in November of 2024, and so it's coming out now.
Yep, you know, that's the other problem, that's the other problem.

Speaker 1 (05:33):
That's a good... I'm not a numbers guy, but that's, those are bad numbers.
That's well over six months of time gap.

Speaker 2 (05:56):
That's well over six months of time gap, the leak.
It's putting too much credit on the bad guys that got in and not enough onus on the good guys and their governance around how third parties have access to their GitHub accounts and what might be in GitHub that can then possibly let someone else move further down the attack path.

(06:16):
There is not enough of that.

Speaker 1 (06:19):
Gabe, do we have any more information on what the third-party tool was?
We...

Speaker 2 (06:24):
don't know right now, but GitHub has tons of integrations, right?
Right, tons of third-party integrations and, more importantly, you can simply just integrate with its API, right?
Like you know, it has a beautifully well-documented API that ungodly numbers of people use.
I mean, GitHub themselves advertise they've got over a million people in the platform.
I use the platform for various projects and so, yeah, no, we

(06:48):
don't know what that third-party tool was, but I guess what I'm getting at is that less importance should even be placed on what that tool was.
It was the API access granted to that tool that allowed this series of events to occur.

Speaker 1 (07:01):
Is this a common hack in the way that they went in?

Speaker 2 (07:04):
It's unfortunately a common breach vector.
It's very much a common vector for breaches.
At this point, the following is me guessing at things, but especially things like leaving credentials inside of code, hard-coding credentials in the scripts and codes and other

(07:24):
things and then syncing those things with your Git repositories.
There are lots of ways Git itself will search for secrets in your repositories and tell you things, and there are third-party tools that will help you search your Git repos for secrets, and you know, if you're doing things properly, you should have your .gitignore files, even locally, as a

(07:45):
developer, set up to not commit secrets.
That's not enough, like you've got to layer that approach to do all those things.

Speaker 1 (07:53):
Well, aside from that, I mean, what kind of measures should those using third-party tools...
Kind of, what are the basic things that should be, besides what you just named?
Is there anything else?

Speaker 2 (08:06):
First step is just governance, being very prescriptive in what access those third-party tools have access to.
And then the flip side of that coin is interrogating the things that they have access to, to ensure that there are no secrets in there that the third party shouldn't have access to see.
Part of the challenge is sometimes the secrets are in

(08:26):
there intentionally so that the third party can, but that's not a good way to manage secrets.
So what do you think this means?

Speaker 1 (08:32):
I mean, I know that that's, uh, data brokers are...
They seem to not have, they seem to have more leeway.

Speaker 2 (08:40):
Be nice to see some stricter regulations put in place. In lieu of stricter regulations, I'll take bigger fines, or that, yeah.
I'll take bigger fines, and I'm not a big regulation fine guy, and I know I've gotten feedback from some of my listeners that they don't like it when I talk about things like that. Damn,

(09:02):
they're listening to us talk, but they don't want to hear you talk.

Speaker 1 (09:04):
That's right.
They don't want to hear you talk.

Speaker 2 (09:05):
They listen to me, that's right, they don't want to hear me talk, they want me to say what they want me to say.
It's okay, though. The flip side of this, because you know we also talk a lot about technology, there is not a shortage of technology solutions to this problem also, to also overlay our governance solutions, and there are robust automated privacy operations tools that can assist with, you

(09:26):
know, identifying secrets and ensuring that they don't end up in places you don't want them.

Speaker 1 (09:31):
Right.
A lot of things that you can do, a lot of good tools out there that can automate and make things more efficient and stop collecting data you don't need.

Speaker 2 (09:43):
I mean, when you're a data broker, there's no such thing, I guess.

Speaker 1 (09:46):
Yeah, well, that, I mean, aside from them.
We know what they're doing.
But good lesson learned.
Hopefully they get a big fine for this one, so it makes all the others kind of... LexisNexis is probably not going to.

Speaker 2 (09:58):
I don't see them getting fined, quite frankly, and look, again, I'm not super interested in fining them.
They can pay a fine and I'd rather take that fine and have them invest it in better governance policies, better automated privacy operations.
I'd rather see that happen.

Speaker 1 (10:12):
I'd rather see the legislation.

Speaker 2 (10:14):
Yeah, exactly.

Speaker 1 (10:16):
If they're going to sell it legally, it doesn't matter. Well, that's the challenge.

Speaker 2 (10:19):
If they're going to be legally allowed to sell it anyway, then this is where we should have some controls in place to at least enforce better behavior.
You have private regulatory requirements like PCI, right, Payment Card Industry Association.
They get together and they say, hey, if you want to be part of our little cartel here, there's some rules you have to follow.

(10:39):
And so PCI calls explicitly for rules around how you protect cardholder data.
That's a private initiative.
Why can PCI not be replicated at the national level for something like a data broker?
There's no reason.
There's zero reasons.

Speaker 1 (10:54):
That's a good point. There's no reason.
Anything else that comes to mind about this situation, Gabe, that when it comes to either privacy measures or even backup stuff?
On the consumer side of things, you know, a healthy, friendly reminder to continue to monitor your privacy activities.

Speaker 2 (11:13):
On the corporate side of things, I mean, I think I'll shamelessly plug it in there, but you know, things like Transcend's autonomous privacy operations.
I'm listing it because I know it.
But those are the things that need to happen.
And if you have to reactively wait until someone says, hey, you did the bad thing, to do that, you may be looking at this the

(11:33):
wrong way.
What do I get for shamelessly plugging that?
By the way, send me a t-shirt.

Speaker 1 (11:38):
Can I get a t-shirt?
I'll get you a t-shirt.
All right, I'll take a t-shirt.

Speaker 2 (11:40):
I'll get you a t-shirt.
All right, I'll take a t-shirt.
I'll take a t-shirt and a mug.

Speaker 1 (11:45):
And a mug, all right.

Speaker 2 (11:47):
No, but seriously, I think the reason why I do bring up technology in this is it is a problem that is difficult to solve with just humans.
Yeah, and humans are busy trying to do the work that they're trying to do, right?
Like whoever committed that secret into that LexisNexis GitHub repo, I don't blame that person.
Again, it's not their fault.
There needs to be better governance surrounding that

(12:09):
entire community of employees performing these activities to do those things.
That's what needs to happen, and then there needs to be, again...
I'd really prefer some freaking legislation around these data brokers.
It's just a wild west for data brokers, man.
It's crazy tough.
It's way, way too wild west for data brokers, and every single, every single citizen is harmed by it, and any citizen that

(12:30):
thinks they're not harmed by it just doesn't realize they're being harmed.

Speaker 1 (12:33):
This might be a hot take, Gabe, but I'm pretty sure that's what they want.

Speaker 2 (12:39):
I think you might be right.

Speaker 1 (12:40):
Why do you think that they have such free rein?
I think you might be right, because there's so much power in money and personal information.

Speaker 2 (12:48):
Yeah, sure.

Speaker 1 (12:51):
Funny how that goes.
Okay well, I don't think I have anything else on this topic.

Speaker 2 (12:54):
Some links. Love to get some feedback, you should tag Heidi.
Heidi loves a good data broker.

Speaker 1 (12:59):
She does, she does. I'm sure she's already talked about it.

Speaker 2 (13:03):
I'm sure she's already talked about it.
I'm certain she's, she's, she's on this one hot.

Speaker 1 (13:06):
Yeah, but anyways, thanks for, thanks for always listening, guys, and if anything, send us your questions, your comments, anything, we'd love to hear back from you.
It's just to make sure that we're talking about the right stuff, or if you have anyone...