Key points:
- LexisNexis Risk Solutions experienced a data breach affecting over 360,000 customers.
- The breach originated from unauthorized access to data on GitHub, not LNRS’s core systems.
- Exposed data may include names, contact details, SSNs, and driver's license numbers.
LexisNexis Risk Solutions (LNRS), a provider of data analytics and fraud prevention products, has disclosed a data breach that compromised the personal information of more than 360,000 individuals. The breach was revealed in a notification filed with the Maine Attorney General’s Office and later confirmed in a statement provided to Legaltech News.
According to the filing, the breach occurred on December 25, 2024, when an unauthorized party accessed LNRS data via GitHub, a third-party platform used by the company for software development. The exposed data may have included customers’ names, phone numbers, email or postal addresses, Social Security numbers, driver’s license numbers, and dates of birth.
In its statement, LNRS emphasized that its core infrastructure and systems were not compromised. “There was no compromise of our own systems, infrastructure, or products,” the company said, attributing the breach solely to unauthorized access via GitHub.
LexisNexis said it became aware of the breach on April 1, 2025, but outside counsel Lisa Sotto of Hunton Andrews Kurth noted in regulatory filings that the breach was formally discovered on May 14. LNRS has since notified law enforcement, launched a forensic investigation, and begun notifying affected individuals.
As part of its response, LNRS is offering two years of complimentary identity protection and credit monitoring services to those impacted. The company said it has also taken steps to enhance its security controls and is reviewing all potentially affected data to assess the scope of exposure.
“Upon learning of the issue, we promptly launched an investigation with the assistance of leading external cybersecurity experts, notified law enforcement and took steps to review and further enhance our security controls,” the company said in its breach notification.
LexisNexis Risk Solutions is known for products that help companies and government agencies manage fraud risk, verify identities, and access personal and financial records. The data breach raises fresh concerns about third-party software development platforms, which have become frequent targets for threat actors due to their access to sensitive backend data.
