The data brokerage is notifying approximately 364,000 individuals of a breach.
What happened
LexisNexis Risk Solutions (LNRS) recently announced that they experienced a data breach in December 2024. According to a notice submitted to the Maine Attorney General’s Office, the company did not learn of the breach until April 1st, 2025.
Some personal information was stolen in the attack, including names, dates of birth, phone numbers, email addresses, Social Security numbers, and driver’s license numbers.
In total, 364,333 individuals were impacted. LNRS has notified relevant authorities of the incident. In response to the breach, the company is providing two years of free identity protection and credit monitoring services.
What was said
In their statement, the company said, “An unauthorized third party acquired certain LNRS data from a third-party platform used for software development. The issue did not affect LNRS’ own network or systems.”
The company further added that “no financial or credit card information was affected. We have no evidence that your data has been further misused.”
The intrigue
In a statement to SecurityWeek, LNRS said it initially learned of the breach after the company “received a report from an unknown third party claiming to have accessed certain information belonging to LNRS.”
LNRS also revealed that the company’s GitHub account was accessed by the threat actor. The GitHub account is what contained LNRS software and some individuals’ personal information. Although this breach didn’t occur in LNRS’ network, it directly impacted the organization and is a reminder that data is only as secure as every vendor or partner is. LNRS emphasized that their network has remained secure.
The bottom line
Impacted customers may not initially realize they have information stored on LexisNexis, which is a reminder that data is often circulated without individuals necessarily knowing who has it or for what purpose. Since LexisNexis data is generally taken from public databases, individuals should always consider who they are giving personal information to.
FAQs
What does LexisNexis Risk Solutions do?
LNRS is based out of Atlanta, Georgia and collects user information from public records and other sources. It uses this information to help identify risks for financial, insurance, healthcare, and government organizations.
Will individuals be notified of the breach?
Yes, individuals will be notified if they have been impacted by the breach. However, if LNRS does not have the current address of an impacted individual, they may not receive the notice.
Abby Grifno
