LexisNexis Data Breach: 364,000+ Records Exposed

LexisNexis Data Breach Impacts Over 364,000 Individuals

LexisNexis Risk Solutions, a firm specializing in data brokerage, has reported a significant data security incident. The breach compromises the personal information of more than 364,000 individuals.

The company’s disclosure to Maine’s attorney general indicates the incident occurred beginning December 25, 2024. An unauthorized actor gained access to sensitive consumer data via a third-party platform utilized for software development.

Details of the Security Incident

According to Jennifer Richman, a representative for LexisNexis, the breach involved unauthorized access to the company’s GitHub account by an unidentified hacker.

The types of data exposed vary between individuals, but include potentially identifying information. This encompasses names, dates of birth, phone numbers, postal and email addresses.

Furthermore, the compromised data also features Social Security numbers and driver’s license numbers.

Investigation and Response

The circumstances leading to the breach are currently under investigation. LexisNexis received notification of the potential access on April 1, 2025, from an anonymous source.

The company has not disclosed whether a ransom demand was made by the perpetrator.

The Role of Data Brokers and Privacy Concerns

LexisNexis operates within a multi-billion dollar industry focused on the collection and sale of personal and financial data.

The company provides services to businesses, assisting them in identifying potentially fraudulent activities and assessing risk associated with customers.

Recent reports from The New York Times highlighted data sharing practices. Car manufacturers reportedly shared vehicle driving data with LexisNexis without explicit owner consent.

This data was subsequently sold to insurance companies, influencing insurance premium calculations based on mileage and driving behavior.

Law Enforcement Use and Regulatory Changes

Law enforcement agencies also utilize LexisNexis to obtain personal information related to investigations.

This includes details such as names, addresses, and phone call records.

Earlier in the month, a plan to restrict data broker sales of sensitive personal information was abandoned by the Trump administration.

Russell Vought, a White House official, stated the Biden-era rule – which would have aligned data broker regulations with those governing credit bureaus – was deemed unnecessary.

This decision occurred despite ongoing advocacy from privacy groups seeking to close existing loopholes.

This article has been updated to include a statement from LexisNexis.