LexisNexis Risk Solutions Data Breach

‍

LexisNexis Risk Solutions Data Breach Exposes Personal Information of Over 364,000 Individuals

LexisNexis Risk Solutions, a prominent data broker known for collecting and selling consumer data for fraud detection and risk analysis, has disclosed a significant data breach affecting more than 364,000 individuals. According to a filing with the Maine Attorney General's Office, the breach occurred on December 25, 2024, and involved the unauthorized access of sensitive personal information.

‍

What Happened?

The breach reportedly stemmed from an intrusion into a third-party software development platform used by LexisNexis. Company representatives confirmed that a hacker accessed the firm’s GitHub account, a cloud-based repository used by developers to store and collaborate on code.

The breach went undetected until April 1, 2025, when LexisNexis received an alert from an unidentified third party claiming to have accessed the company's data. LexisNexis has not confirmed whether a ransom demand was made, nor has it disclosed further technical details of how the breach occurred.

‍

What Information Was Compromised?

The data accessed in the breach varies by individual but may include:

• Full names
• Dates of birth
• Phone numbers
• Email and mailing addresses
• Social Security numbers
• Driver’s license numbers

This type of information is highly sensitive and can be used for identity theft, fraud, and other forms of financial exploitation.

‍

Why This Matters

LexisNexis is a key player in the multibillion-dollar data brokerage industry, which collects, compiles, and sells personal data to corporations, insurers, and government entities. The company helps clients perform risk assessments, detect fraud, and evaluate consumer behavior. However, the breadth and sensitivity of the data they collect make them high-value targets for cyberattacks. This breach raises serious concerns not only about the security of personal data, but also about how much control consumers actually have over their information.

‍

In past reports, LexisNexis has been criticized for gathering consumer data without clear consent. Notably, The New York Times reported that several automakers shared vehicle telematics data, such as driving habits and mileage, with LexisNexis—often without car owners' knowledge. This data was then sold to insurance companies and used to set insurance premiums. Law enforcement agencies also use LexisNexis tools to access names, addresses, and call records during investigations, giving the company considerable influence in both the private and public sectors.

‍

Regulatory Rollbacks Raise Privacy Concerns

Compounding these concerns is a recent decision by the federal government to abandon a proposed rule aimed at regulating data brokers more closely. The plan, introduced during the previous administration, would have required companies like LexisNexis to follow federal privacy standards similar to those imposed on credit bureaus.

In early 2025, the White House officially withdrew the proposal, stating the regulation was "not necessary or appropriate"—despite long-standing calls from privacy advocates and legal experts for tighter controls over how data brokers handle Americans’ sensitive personal and financial information.

‍

What You Can Do If You Were Affected

If you received a data breach notification from LexisNexis Risk Solutions—or believe your personal information may have been exposed—it’s essential to act quickly:

1. Monitor your credit for suspicious activity.
2. Place fraud alerts or credit freezes with the major credit bureaus.
3. Change your passwords and enable two-factor authentication on key accounts.
4. Preserve any communications from LexisNexis related to the breach.
5. Contact a data breach attorney to explore your legal rights.

You may be entitled to compensation for financial losses, time spent responding to the breach, emotional distress, and other damages.

‍

Contact Us Today for a Free Case Review

At Pittman, Dutton, Hellums, Bradley & Mann, P.C., we help victims of data breaches pursue justice and hold negligent companies accountable. If your personal information was compromised in the LexisNexis breach, contact us at (205) 322-8880 for a free, no-obligation consultation.

We’re here to protect your privacy—and your future.

‍

Links

[1] https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/782e2159-f2d4-4394-8d03-51bf08a6b3e5.html

[2] https://www.theverge.com/news/675702/lexisnexis-data-broker-breach-social-security-numbers

‍

‍