- Lexisnexis has suffered a data overgrowth after a cyberattack
- Personal information was taken that affected about 360,000 users
- Not everyone is satisfied with the response -time line from the organization
Data analysis and risk management company Lexisnexis have revealed a cyberattack that resulted in data theft affecting 364,333 individuals.
In a notification letter sent to those affected, the company claims that an “unauthorized party” was given access to a third -party software development platform and stole the data.
According to the company, no sensitive personal information was available, nor was there financial or credit card information, and the organization’s infrastructure, systems and products also remain uncompromising.
The information affected
“Our information security team, in consultation with a forensic company, immediately began to investigate and confirm that some data held in GitHub … was acquired by an unknown third party. Specifically, we have decided that some software artefacts as well as some personal information became access to” Lexisnexis told told told told Registered.
The leaked information includes names, phone numbers, e -mail addresses, home addresses, SSNs and driver’s license information -enough to trigger concern for anyone affected. Look at the best surveillance services for identity theft if you are concerned.
However, not everyone is impressed with the Lexisnexus response line. Dr. Ilia Kolochenko, CEO of Immuniweb explains;
“The timeline of incident detection and disclosure is a bit surprising to a company that offers legal and other relatively sensitive services: The incident was reportedly happening in December 2024, was discovered in April 2025 after receiving information from attackers, while they were revealed only in May. Considering that a lot of personal data was reportedly compromised, the holding of the detail and the process of detection is reportedly Perfect as they were said. “
“The legal consequences of this incident can cost a lot of dollars to the violation company-there are composed of legislative sanctions, legal fees and a likely settlement agreement with the victims. Unfortunately, as practice, the victims will probably receive gentle two- or three-digit compensation for the incident in the best case.”
Lexisnexis is far from the first company affected by a violation like this, with companies such as Co-Op and Marks and Spencers offering apology for the effects of cyberattacks that hit retailers in May 2025.
