LexisNexis Data Breach Impacts Over 364,000 Individuals
Data broker LexisNexis Risk Solutions has disclosed a data breach affecting more than 364,000 people. The breach, discovered on April 1, 2025, exposed sensitive personal information accessed through a third-party software development platform.
According to a spokesperson, an unauthorized individual gained access to LexisNexis's GitHub account. The compromised data includes names, dates of birth, phone numbers, postal and email addresses, Social Security numbers, and driver's license numbers.
Breach Details and Impact
The breach originated on December 25, 2024. LexisNexis received a report from an unknown third party on April 1, 2025, alerting them to the unauthorized access. The company filed a notice with Maine's attorney general.
LexisNexis, a major data broker, collects and sells consumer data to corporate clients for risk assessment and fraud detection. The company uses this information to help businesses verify customer identities and assess potential risks.
This incident raises concerns about the security practices of data brokers and the potential risks to consumer privacy. Last year, The New York Times reported on data sharing practices between car manufacturers and LexisNexis, highlighting the vast amounts of personal data collected and sold by these companies.
Law enforcement agencies also utilize LexisNexis for accessing personal information, including names, addresses, and call records.
Recent regulatory discussions around data broker practices add further context to this breach. The Trump administration recently withdrew a proposed rule that would have restricted data brokers from selling sensitive personal information, including Social Security numbers.