em360tech image

LexisNexis has suffered a data breach that has impacted over 364,000 people. Based on a filing with Maine’s attorney general, the breach is confirmed to occur as far back as Christmas Day 2024.

The data was able to be accessed due to a vulnerability in a third party platform that was used for software development.

"On April 1, 2025, we learned that on December 25, 2024, an unauthorized third party acquired certain LNRS data from a third-party platform used for software development. The issue did not affect LNRS's own networks or systems” the company statement read.

The third party software development platform that was compromised was the LexisNexis GitHub account.

Read: Legal Aid Cyber Attack Puts Thousands At Risk

LexisNexis Risk Solutions is a data analytics company that collects consumer data to help corporate customers detect fraud.

As a major data broker, LexisNexis Risk Solutions collects and maintains vast amounts of sensitive personal information, making it a prime target for cyberattacks."

The stolen data includes a wealth of personal information including names, dates of birth, phone numbers, home addresses as well as social security numbers and drivers licenses.

LexisNexis is currently investigating the incident and has employed external cybersecurity experts. The company has also notified law enforcement.

There is currently no evidence that any financial or banking information has been compromised in the LexisNexis data breach, though it is important to remain vigilant.

The LexisNexis data breach highlights the risk associated with third-party vendors and supply chain security, even for companies with robust internal cybersecurity measures.

What To Do If You're Impacted By LexisNexis Data Breach?

Having your personal information involved in a data breach can be extremely distressing. However there are steps you can take to minimise the potential negative outcomes.

LexisNexis have warned those affected to monitor their account statements and credit reports incase of identity theft incidents. They have confirmed that they will provide affected individuals with up to two years of identity protection and credit monitoring services.

Be sure to report any suspicious transactions immediately and consider freezing your cards and credit.

It is also good cybersecurity practice to enable multi-factor authentication on as many accounts as possible, especially social media accounts as well as banking and email.

Be aware that your information being compromised can make you a target for social engineering and phishing scams. These scams involve impersonating trusted organizations or individuals using information they already have about you as a result of the leak to convince you to hand over money or further details. Be skeptical of anyone asking you for information.