LexisNexis Data Breach Exposes Sensitive Information of Over 364,000 Individuals
LexisNexis Risk Solutions (LNRS), a prominent data analytics firm, has disclosed a significant data breach that compromised the personal information of 364,333 individuals. The breach occurred on December 25, 2024, when an unauthorized party accessed data through a third-party platform used by LNRS for software development purposes. The company became aware of the incident on April 1, 2025, and began notifying affected individuals on May 24, 2025.
Details of the Breach
The unauthorized access was achieved via LNRS’s GitHub account, a platform utilized for software development. The compromised data includes:
– Full names
– Phone numbers
– Email and postal addresses
– Social Security numbers
– Driver’s license numbers
– Dates of birth
LNRS has emphasized that its core systems and infrastructure were not affected by this breach. The company stated, There was no compromise of our own systems, infrastructure, or products, attributing the breach solely to unauthorized access via GitHub.
Response and Mitigation Measures
Upon discovering the breach, LNRS took immediate action by launching a forensic investigation with the assistance of external cybersecurity experts and notifying law enforcement authorities. The company has offered two years of complimentary identity protection and credit monitoring services to those impacted. Additionally, LNRS has implemented enhanced security controls and is reviewing all potentially affected data to assess the scope of exposure.
Potential Risks and Recommendations
The exposed personal information poses significant risks, including identity theft and financial fraud. Individuals affected by the breach are advised to:
– Monitor their credit reports and account statements for any unauthorized activity.
– Consider placing a fraud alert or credit freeze on their credit files.
– Utilize the complimentary identity protection services offered by LNRS.
About LexisNexis Risk Solutions
LNRS is a global data and analytics company that provides services to various industries, including insurance, financial services, healthcare, and government agencies. The firm collects and analyzes vast amounts of consumer data to help clients assess risk and prevent fraud. This breach underscores the critical importance of robust cybersecurity measures, especially for organizations handling sensitive personal information.
