LexisNexis Breach Exposes 364,000 Individuals' Data

LexisNexis Risk Solutions, a major U.S. data broker, experienced a data breach on December 25, 2024, exposing personal information—including names, Social Security numbers, contact details, birth dates, and driver’s license numbers—of over 364,000 individuals. The breach resulted from unauthorized access to the company's GitHub account on a third-party software development platform, while LexisNexis's own systems were not compromised. The breach was discovered on April 1, 2025, prompting the company to notify law enforcement and regulators, launch an internal investigation with cybersecurity experts, and offer affected individuals two years of free identity protection and credit monitoring. LexisNexis stated that no financial or credit card data was exposed and there is no evidence of further misuse of stolen data. The incident underscores the risks of personal data held by data brokers and comes amid stalled efforts to regulate the industry. Attorneys are investigating the breach for potential class-action lawsuits.