LexisNexis Risk Solutions has confirmed a significant data breach affecting more than 364,000 individuals, triggered by a cybersecurity incident at a third-party software development platform it used. The breach, which occurred in late 2024, was disclosed in a formal filing with Maine’s attorney general and has since drawn widespread attention due to the sensitive nature of the exposed information.
In notifications sent to affected individuals, LexisNexis warned that an unauthorized party may have accessed a range of personal information including names, contact details such as phone numbers and email or mailing addresses, as well as highly sensitive data like Social Security numbers, driver’s license numbers, and dates of birth.
Importantly, the company clarified that no financial or credit card data was compromised in the breach and stated there is no current evidence to suggest the stolen data has been misused. Nonetheless, the company has moved swiftly to contain the situation—bringing in external cybersecurity experts and informing law enforcement authorities.
As a protective measure, LexisNexis is offering two years of complimentary identity theft protection and credit monitoring services to those impacted by the breach. The company reiterated its commitment to data security and said it is taking further steps to prevent similar incidents in the future.
This breach underscores the growing risks posed by third-party software providers in today’s interconnected data ecosystem, where even indirect vulnerabilities can have far-reaching consequences.