LexisNexis Risk Solutions, a major data broker that collects and uses consumers’ personal data to assist its corporate clients in detecting fraud and risk, has disclosed a data breach impacting more than 364,000 individuals. The breach, which occurred on December 25, 2024, allowed a hacker to access the company’s GitHub account and retrieve sensitive personal information from a third-party software development platform. The stolen data includes personal details such as names, birth dates, phone numbers, postal and email addresses, Social Security numbers, and driver’s license numbers.
Jennifer Richman, a spokesperson for LexisNexis, informed TechCrunch that the breach was reported to the company on April 1, 2025, following a notification from an unknown third party claiming to have accessed certain information. LexisNexis has not disclosed whether a ransom demand was made by the hacker. The company has yet to offer further details on the circumstances surrounding the breach. At this point, it remains unclear whether the hacker’s actions were motivated by financial gain, espionage, or other motives.
The incident has sparked concerns about the security of personal data held by major data brokers, particularly in light of increasing cyber threats and the potential for identity theft. LexisNexis, which provides risk and fraud management services to businesses, may face regulatory scrutiny and legal liability as a result of the breach. The company’s reputation and financial stability could be impacted, especially if further breaches or security vulnerabilities are discovered. As investigations continue, the company is expected to take steps to improve its cybersecurity measures and protect customer data going forward.