LexisNexis Risk Solutions and LexisNexis: LexisNexis Investigates Breach, Customer Data Access

LexisNexis Confirms Data Breach Affecting Legacy Customer Data

LexisNexis, the legal and business intelligence provider, has confirmed a data breach involving legacy servers containing customer information. The incident, disclosed on Tuesday, exposed names, business contact details, user identities, product usage records, IP addresses from customer surveys, and support ticket data though no sensitive personally identifiable information (PII) such as Social Security numbers, financial details, or active passwords was accessed.

The company stated that the breach was contained following an investigation, with no evidence of compromise to its active products or services. LexisNexis engaged an unnamed cybersecurity forensic firm and notified law enforcement, as well as affected current and former customers. The compromised servers held deprecated data from before 2020.

Threat actor FulcrumSec claimed responsibility, alleging access to LexisNexis’ Amazon Web Services (AWS) infrastructure via an unpatched React2Shell vulnerability in a frontend application. The group posted 2GB of files in underground forums, asserting that the breach impacted records from law firms, insurance companies, government agencies, and universities. FulcrumSec also claimed to have contacted LexisNexis about the incident but received no cooperation.

This is not the first breach for LexisNexis. In December 2024, its Risk Solutions division suffered an incident affecting 364,000 individuals, discovered in 2025. FulcrumSec has also taken credit for a prior breach at electronics distributor Avnet, confirmed in October.

The incident follows recent high-profile cyberattacks, including the exploitation of Fortinet FortiGate firewalls, a July 2025 ransomware attack on Ingram Micro, and critical vulnerabilities in Ivanti’s mobile management tools.

Source: https://www.crn.com/news/security/2026/lexisnexis-investigates-breach-customer-data-accessed

LexisNexis cybersecurity rating report: https://www.rankiteo.com/company/lexisnexis

"id": "LEX1772584112",
"linkid": "lexisnexis",
"type": "Breach",
"date": "12/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': 'Current and former customers '
                                              '(law firms, insurance '
                                              'companies, government agencies, '
                                              'universities)',
                        'industry': 'Legal and Business Intelligence',
                        'name': 'LexisNexis',
                        'type': 'Corporation'}],
 'attack_vector': 'Unpatched React2Shell vulnerability in a frontend '
                  'application',
 'customer_advisories': 'Notified affected current and former customers',
 'data_breach': {'data_exfiltration': '2GB of files posted in underground '
                                      'forums',
                 'personally_identifiable_information': 'Names, business '
                                                        'contact details, user '
                                                        'identities, IP '
                                                        'addresses',
                 'sensitivity_of_data': 'Non-sensitive PII (no Social Security '
                                        'numbers, financial details, or active '
                                        'passwords)',
                 'type_of_data_compromised': 'Legacy customer data'},
 'date_publicly_disclosed': '2025-07-30',
 'description': 'LexisNexis, the legal and business intelligence provider, '
                'confirmed a data breach involving legacy servers containing '
                'customer information. The incident exposed names, business '
                'contact details, user identities, product usage records, IP '
                'addresses from customer surveys, and support ticket data. No '
                'sensitive personally identifiable information (PII) such as '
                'Social Security numbers, financial details, or active '
                'passwords was accessed.',
 'impact': {'data_compromised': 'Names, business contact details, user '
                                'identities, product usage records, IP '
                                'addresses, support ticket data',
            'systems_affected': 'Legacy servers (deprecated data from before '
                                '2020)'},
 'initial_access_broker': {'entry_point': 'AWS infrastructure via unpatched '
                                          'React2Shell vulnerability'},
 'investigation_status': 'Contained',
 'post_incident_analysis': {'root_causes': 'Unpatched React2Shell '
                                           'vulnerability in a frontend '
                                           'application'},
 'references': [{'source': 'LexisNexis Public Disclosure'},
                {'source': 'FulcrumSec Claims'}],
 'response': {'communication_strategy': 'Notified affected current and former '
                                        'customers',
              'containment_measures': 'Breach contained following '
                                      'investigation',
              'law_enforcement_notified': 'Yes',
              'third_party_assistance': 'Unnamed cybersecurity forensic firm'},
 'threat_actor': 'FulcrumSec',
 'title': 'LexisNexis Data Breach Affecting Legacy Customer Data',
 'type': 'Data Breach',
 'vulnerability_exploited': 'React2Shell'}

LexisNexis Risk Solutions and LexisNexis: LexisNexis Investigates Breach, Customer Data Access

Stats SA: Stats SA hit by cyberattack, hackers demand ransom over stolen data

F5: Warning: CISA, experts concerned over active exploitation of 6-month-old F5 BIG-IP APM vulnerability

Urban VPN Proxy: Malicious Browser Extensions Can Steal AI Chats in New “Prompt Poaching” Attack