LexisNexis Risk Solutions, a prominent data broker known for providing risk assessment services to financial institutions and corporations, has disclosed a significant data breach affecting over 364,000 individuals. The breach, which was reported dating back to December 25, 2024, involved an unauthorized access to the company’s GitHub account, a third-party platform used for software development. The stolen data includes a wide range of sensitive personal information, such as full names, dates of birth, phone numbers, postal and email addresses, Social Security numbers, and driver’s license numbers.
Jennifer Richman, a spokesperson for LexisNexis, confirmed to TechCrunch that the company received notification on April 1, 2025, from an unknown third party claiming to have accessed certain information. The company has not revealed the circumstances leading to the breach, nor whether it received a ransom demand from the hacker. LexisNexis has taken steps to secure the affected systems and is cooperating with regulatory authorities and law enforcement agencies to investigate the incident further. The breach raises serious concerns about data security practices in the data analytics and financial services industries.
As a major player in the data brokerage sector, LexisNexis’s breach could have wide-reaching financial implications, particularly for the company’s stakeholders and customers. The exposure of such extensive personal data poses significant risks, including potential identity theft, fraud, and financial loss. The incident also highlights the growing vulnerability of digital infrastructure in the financial and corporate sectors, where data breaches are becoming increasingly common despite heightened security measures.