Last updated 1 month ago
Thomson Reuters, a multinational technology and information services company, is facing a class-action lawsuit filed on 2026-05-01 in the U.S. District Court for the Eastern District of Michigan. The lawsuit alleges that a Thomson Reuters search engine publicly displayed the Social Security numbers of Michigan residents. The number of affected individuals and the total records exposed have not been disclosed in the article.
The breach method involved a misconfiguration of a Thomson Reuters search engine, which made Social Security numbers publicly accessible. No specific attack vector such as phishing or ransomware was involved; the exposure appears to be due to improper access controls or data handling practices. The data compromised includes Social Security numbers, which are highly sensitive personally identifiable information (PII). No threat actor or ransomware group has been attributed to this incident.
Post-incident developments include the filing of a class-action lawsuit by Michigan residents against Thomson Reuters. The lawsuit is in its early stages, and no details on regulatory involvement, ransom payments, or breach notifications have been provided in the article.
Public display of Social Security numbers via search engine
Thomson Reuters, a technology company handling sensitive data, failed to properly restrict access to Social Security numbers in its search engine, indicating a misconfiguration in access controls or data exposure policies. This incident underscores the need for rigorous data classification and automated scanning to detect unintended public exposure of PII, especially in search or aggregation services. Organizations should implement least-privilege access and regular audits of data visibility to prevent similar exposures.
Sign in to join the discussion.
Company
Industry
Location
Disclosed
Records Affected
Attack Vector