Data analytics firm LexisNexis confirmed that information posted on a cybercriminal forum is legitimate and related to a recent security incident in which a threat actor accessed a limited number of servers containing mostly legacy, pre-2020 data such as customer names, user IDs, business contact information, product usage details and support tickets. The company says the matter is contained, engaged a forensic firm, notified impacted customers and reported to law enforcement, and that the breached dataset did not include Social Security numbers or financial data. #LexisNexis #LexisNexisRiskSolutions
Keypoints
- A threat actor posted 2 GB of stolen data claiming millions of records, including .gov email addresses and account information.
- LexisNexis confirmed the leak was real but said the exposed data came from a limited number of servers and was mostly legacy, deprecated information from before 2020.
- The company engaged a preeminent cybersecurity forensic firm, notified affected current and former customers, and reported the incident to law enforcement.
- LexisNexis stated the breached data did not include Social Security numbers, financial details, or customer search histories.
- This incident follows a large 2025 breach at LexisNexis Risk Solutions that previously exposed sensitive personal information for hundreds of thousands of people.
Read More: https://therecord.media/lexisnexis-says-hackers-accessed-legacy-data