A significant cybersecurity incident involving LexisNexis Risk Solutions (LNRS) has put hundreds of thousands of Americans at risk for identity theft and fraud. According to a recent filing with the Office of the Maine Attorney General, 364,333 customers are affected by the breach. The Georgia-based risk management firm disclosed that an unknown attacker gained unauthorized access to a third-party platform used by LexisNexis on December 25th, 2024, compromising various customer data. The exposed information includes names, addresses, phone numbers, email addresses, postal details, Social Security numbers, and driver’s license numbers.
LexisNexis, a global data and analytics firm that helps companies manage risks and prevent fraud, revealed that it became aware of the breach on April 1st, 2025. The firm stated that the issue did not affect its own networks or systems but was limited to the third-party platform used for software development. In response to the incident, LexisNexis promptly notified affected customers through letters, offering them free credit monitoring and identity protection services for 24 months.
The company is currently reviewing and revamping its security protocols to prevent similar incidents in the future. LexisNexis is also urging its customers to remain vigilant for any suspicious activity that may indicate fraud or identity theft. This breach highlights the ongoing challenges faced by companies in protecting sensitive customer information and the importance of robust cybersecurity measures.
Details of the Breach
- Affected Customers: 364,333
- Compromised Data: Names, addresses, phone numbers, email addresses, postal details, Social Security numbers, driver’s license numbers
- Date of Breach: December 25th, 2024
- Date Discovered: April 1st, 2025
- Response: Free credit monitoring and identity protection services for 24 months offered to affected customers
LexisNexis emphasizes its commitment to enhancing its security protocols to avoid potential future breaches. The incident serves as a reminder of the critical need for continuous vigilance in cybersecurity practices across all industries.
