LexisNexis Risk Solutions has revealed a significant data breach. Attackers successfully stole sensitive personal information. Over 364,000 individuals were directly affected by this. The actual breach occurred on December 25, 2024. LexisNexis itself was informed about it on April 1, 2025. The company then began notifying affected people. These notifications started on May 24th. The data was stolen from a GitHub account. This was a third-party platform used for software development. A compromised company account was exploited by the attackers. LexisNexis stated its own internal networks were not breached.
The types of impacted personal information varied among individuals.
Exposed data could include full names and contact details. This includes phone numbers, postal addresses, or email addresses. Crucially, Social Security numbers were also potentially exposed. Driver’s license numbers and individuals’ dates of birth were affected too. However, the company stated financial information was not compromised. No credit card data was accessed or stolen by the attackers. LexisNexis currently has no evidence of further data misuse. The exact circumstances leading to the breach remain unclear. The company did not disclose if a ransom demand was made.
LexisNexis has issued warnings to all affected individuals. They are strongly advised to monitor their account statements. Credit reports must also be checked regularly for fraud. This vigilance can help detect identity theft attempts early. The company is offering support to the victims. They will provide two years of free identity protection services. Free credit monitoring services are also included in this support. This assistance aims to help impacted people effectively. It will help them better safeguard their personal information.
These services are being provided proactively to those affected.
LexisNexis Risk Solutions is a subsidiary of RELX. RELX is a large British multinational data analytics provider. LexisNexis serves customers in over 180 countries and territories. It maintains offices in approximately 40 countries globally. The company employs more than 11,800 people worldwide. It works closely with many large corporations. This includes 85% of Fortune 500 companies. It also serves nine of the world’s top 10 banks. As a major data broker, it collects consumer data. This data helps businesses detect potential risk and fraud. This makes such data-rich companies attractive targets for cybercriminals.
Reference: