LexisNexis Data Breach Exposes Personal Information of Over 364,000 Individuals

Data Broker LexisNexis Reports Breach Affecting Over 364,000 People LexisNexis Risk Solutions, a prominent data brokerage firm that compiles and utilizes consumers' personal information to assist clients in detecting fraud and assessing risk, announced a significant data breach impacting more than 364,000 individuals. According to a filing with the Maine Attorney General, the breach occurred on December 25, 2024, when a hacker gained unauthorized access to sensitive consumer data stored on a third-party platform used for software development. Jennifer Richman, a LexisNexis spokesperson, revealed to TechCrunch that the breach involved the company's GitHub account. The hacker managed to steal a variety of data, including names, dates of birth, phone numbers, postal and email addresses, Social Security numbers, and driver’s license numbers. The exact circumstances surrounding the breach remain unclear. Richman noted that LexisNexis received a report on April 1, 2025, from an unidentified third party, claiming to have accessed certain information. The company did not disclose whether a ransom was demanded by the hacker. Data brokers like LexisNexis are part of a lucrative industry that profits from gathering and selling vast amounts of personal and financial information about Americans. LexisNexis employs this data to help businesses identify potentially fraudulent transactions and conduct risk assessments on potential customers. However, their practices have come under scrutiny. Last year, The New York Times reported that automotive manufacturers shared vehicle usage data with LexisNexis without explicit consent from car owners. This data was subsequently sold to insurance companies, which used it to set insurance premiums based on driving habits and mileage. Law enforcement agencies also rely on LexisNexis to access personal information on suspects, such as names, home addresses, and call records. This underscores the broad reach and significance of the data broker’s role in various sectors. Recently, the Trump administration rescinded a planned regulation that aimed to restrict data brokers from selling sensitive information, including Social Security numbers. The rule, put forward during the Biden presidency, would have mandated that data brokers adhere to federal privacy standards similar to those enforced on credit bureaus and renter-screening companies. Russell Vought, a White House official, explained in a Federal Register notice that the rule was deemed "unnecessary or inappropriate," despite persistent advocacy for stronger privacy protections. This decision to scrap the regulation leaves a significant loophole in data privacy laws, leaving consumers’ information more vulnerable to misuse and breaches. Privacy advocates have been vocal in their criticism, arguing that the industry's current lack of accountability poses serious risks to personal security. LexisNexis has not provided additional specifics about the breach but assured that they are taking steps to address the situation and secure affected users' information. The breach highlights the ongoing challenges in ensuring robust cybersecurity measures, especially in industries that handle large volumes of sensitive data. As data breaches continue to make headlines, the debate over data privacy and regulation remains a critical issue in both the public and private sectors.