Over 364,000 people have personal info leaked following hack on data broker LexisNexis
Hundreds of thousands have been affected in the leak.

- LexisNexis has suffered a data breach after a cyberattack
- Personal information was taken affecting around 360,000 users
- Not everyone is happy with the response timeline from the organization
Data analytics and risk management firm LexisNexis has disclosed a cyberattack that resulted in data theft affecting 364,333 individuals.
In a notification letter sent to those affected, the company claims an “unauthorized party” gained access to a third-party software development platform and stole the data.
According to the firm, no sensitive personal information was accessed, nor was financial or credit card information, and the organisation’s infrastructure, systems, and products also remain uncompromised.
Information affected
“Our Information Security team, in consultation with a forensic firm, immediately began investigating and confirmed that some data which was held in GitHub... was acquired by an unknown third party. Specifically, we have determined that some software artifacts as well as some personal information was accessed,” LexisNexis told The Register.
The leaked information includes names, phone numbers, email addresses, home addresses, SSNs, and driver’s license details - enough to spark concern for anyone affected.
Not everyone is impressed with LexisNexis’ response timeline, though. Dr Ilia Kolochenko, CEO at ImmuniWeb, explains:
“The timeline of the incident detection and disclosure is a bit surprising for a company offering legal and other comparatively sensitive services: the incident reportedly happened in December 2024, was detected in April 2025 after receiving information from the attackers, while disclosed only in May. Given that a lot of personal data was reportedly compromised, the incident detection and response timeline is pretty far from being perfect, to put it mildly.”
“The legal consequences of this incident may cost a lot of dollars to the breach company – being composed of regulatory penalties, legal fees and a likely settlement agreement with the victims. Sadly, as practice demonstrates, the victims will likely get paltry two- or three-digit compensation for the incident in the best-case scenario.”
LexisNexis is far from the first company to be affected by a breach like this, with firms like Co-op and Marks and Spencer offering apologies for the effects of cyberattacks that hit the retailers in May 2025.