ACCORDING to SecurityWeek, LexisNexis has confirmed a data breach after hackers leaked data allegedly stolen from its systems, with the intruders claiming to have exfiltrated more than 2GB of files and 400,000 personal information records. The intrusion was announced on a cybercrime forum on Tuesday, and the attackers said they attempted to extort LexisNexis but were unsuccessful.
Representatives of LexisNexis Legal & Professional said the attackers did gain access to some servers, but the compromised systems mostly stored legacy and deprecated data from before 2020. The company stated that information such as customer names, user IDs, business contact details, the IPs of customer survey respondents, and support tickets was compromised, and the matter is described as contained with no evidence of impact to products and services.
The attackers allegedly exploited the React2Shell vulnerability and improperly secured AWS instances to access and exfiltrate more than 2GB of data, with claims of millions of records including 400,000 individuals, some with .gov email addresses. The breach is not LexisNexis’s first in recent years. 4 March 2026.