Over 364,000 People Have Personal Info Leaked Following Hack on Data Broker LexisNexis
A devastating cyberattack has struck data analytics and risk management firm LexisNexis, leaving a staggering 364,333 individuals vulnerable to identity theft. The breach, which occurred in December 2024, resulted in the unauthorized party gaining access to a third-party software development platform and stealing sensitive personal information.
According to a notification letter sent to those affected, no sensitive financial or credit card information was accessed, nor did the company's infrastructure, systems, and products fall victim to the attack. However, the leaked data includes names, phone numbers, email addresses, home addresses, SSNs, and driver's license details – enough to spark significant concern for anyone on the list.
"Our Information Security team, in consultation with a forensic firm, immediately began investigating and confirmed that some data which was held in GitHub... was acquired by an unknown third party. Specifically, we have determined that some software artifacts as well as some personal information was accessed," LexisNexis told The Register.
The leaked information is alarming, to say the least. The sheer amount of sensitive data compromised raises serious questions about the company's cybersecurity measures and its ability to protect customer information.
However, not everyone is pleased with LexisNexis' response timeline. Dr. Ilia Kolochenko, CEO at ImmuniWeb, expressed surprise that it took until May 2025 for the incident to be disclosed, saying: "The timeline of the incident detection and disclosure is a bit surprising for a company offering legal and other comparatively sensitive services... Given that a lot of personal data was reportedly compromised, the incident detection and response timeline is pretty far from being perfect, to put it mildly."
The consequences of this breach could be severe. As Dr. Kolochenko noted, "The legal consequences of this incident may cost a lot of dollars to the breach company – being composed of regulatory penalties, legal fees and a likely settlement agreement with the victims. Sadly, as practice demonstrates, the victims will likely get paltry two- or three-digit compensation for the incident in the best-case scenario."
LexisNexis is far from the first company to be affected by a breach like this. Retailers such as Co-op and Marks and Spencers have also faced similar cyberattacks, highlighting the ongoing threat of data breaches in today's digital landscape.
Stay Safe: Tips for Protecting Your Personal Info
If you're concerned about your personal info being leaked due to a breach like this, there are steps you can take to protect yourself:
- Monitor your credit reports regularly for any suspicious activity.
- Keep your passwords strong and unique.
- Avoid using public Wi-Fi for sensitive transactions.
- Stay up-to-date with the latest security software and patches.
Recommended Identity Theft Protection Services
If you're concerned about identity theft, consider investing in a reputable protection service. Some top options include:
- Aura: Offers upfront pricing and simplicity, with additional features like a password manager, VPN, and antivirus.
- Other options: Check out our list of the best identity theft monitoring services for more information.
We'll continue to monitor this situation and provide updates as more information becomes available. In the meantime, stay vigilant and take steps to protect your personal info.