LexisNexis Risk Solutions (LNRS), a prominent provider of data analytics and risk management services, has revealed a significant data breach that exposed the personal information of more than 360,000 individuals. The breach was traced to a third-party software development platform, not LNRS’s own systems.
Details of the Breach
According to a notification sent to affected individuals, an unauthorized party accessed the third-party platform on December 25, 2024, and extracted LNRS data. The intrusion was detected on April 1, 2025, after LNRS received a report from an unknown third party. The company immediately launched an investigation with the help of external cybersecurity experts and confirmed that data stored in GitHub had been compromised.
LNRS stated, "Some software artifacts as well as some personal information was accessed." However, the company emphasized that no financial, credit card, or other highly sensitive personal information was involved, and its own infrastructure and products were not compromised.
Information Exposed
The breach affected approximately 364,333 individuals. The types of data exposed vary by person but may include:
- Names
- Phone numbers
- Home addresses
- Email addresses
- Social Security numbers
- Driver's license numbers
- Dates of birth
LNRS has notified all affected individuals and relevant regulators, and has reported the incident to law enforcement. The company is offering 24 months of identity protection and credit monitoring through Experian, in addition to reminding U.S. citizens of their right to a free annual credit report.
Company Response and Recommendations
In its letter to those impacted, LNRS wrote:
"Upon learning of the issue, we promptly launched an investigation with the assistance of leading external cybersecurity experts, notified law enforcement, and took steps to review and further enhance our security controls. We also initiated an extensive review of the impacted data to identify personal information that may have been affected."
The company advises affected individuals to remain vigilant for signs of fraud or identity theft by monitoring account statements and credit reports.
Context: A Wave of High-Profile Breaches
LNRS joins a growing list of major organizations recently targeted by cybercriminals. Recent incidents include:
- Adidas apologizing for a breach, though details remain undisclosed
- Coinbase confirming a breach affecting around 70,000 people, enabled by bribed offshore support workers
- The UK's Legal Aid Agency facing a breach potentially impacting millions
These incidents highlight the increasing scale and sophistication of cyberattacks targeting both private and public sector organizations worldwide.
At the time of writing, LNRS had not provided further details on the attack’s specifics or its origins.
