LexisNexis Risk Solutions, a prominent data broker based in Georgia, has announced a significant data breach affecting more than 364,000 individuals. The breach, which occurred in December 2024, was disclosed in notifications sent to the affected parties beginning May 24, 2025. The company learned of the unauthorized access on April 1, 2025, confirming that the breach involved data stolen from a GitHub account associated with the firm.
The data broker explained that an unknown threat actor exploited a compromised account to access the data. LexisNexis stated, “On April 1, 2025, we learned that on December 25, 2024, an unauthorized third party acquired certain LNRS data from a third-party platform used for software development.” The notification emphasized that LexisNexis’s internal systems were not compromised during this incident.
According to a filing with the Maine Attorney General’s Office, the breached data included personally identifiable information such as names, contact details, Social Security numbers, driver’s license numbers, and dates of birth. However, no financial information or sensitive personal data was accessed, mitigating some concerns over identity theft.
In light of the breach, LexisNexis has urged affected individuals to closely monitor their account statements and credit reports for any signs of fraud or identity theft. The company is offering two years of complimentary identity protection and credit monitoring services to those impacted. LexisNexis is a subsidiary of RELX, a global data analytics provider with a wide customer base.
The breach has drawn attention to the vulnerabilities introduced by third-party platforms, particularly in software development environments. LexisNexis, which operates in over 180 countries and markets to major corporations, aims to enhance its security measures to prevent future incidents. The company employs more than 11,800 staff worldwide, serving a substantial portion of Fortune 500 companies.