LexisNexis Risk Solutions, a major American data analytics company based in Georgia, disclosed that attackers stole personal information of over 364,000 individuals in a breach
that occurred in December 2024. The company revealed this after sending breach notifications to affected individuals starting May 24, 2025. LexisNexis learned on April 1, 2025, that an unauthorized third party had accessed some of its data from a third-party software development platform, GitHub, through a compromised company account.
According to the notifications, the breach did not affect LexisNexis’s own networks or systems. Instead, the data was acquired from software artifacts and personal information stored on GitHub, which the company uses for development purposes. LexisNexis confirmed that the stolen personal information included names, contact details like phone numbers and email addresses, Social Security numbers, driver’s license numbers, and dates of birth. Importantly, no financial, credit card, or other highly sensitive information was accessed.
The company has alerted affected individuals to monitor their account statements and credit reports for signs of fraud or identity theft. To support them, LexisNexis will offer two years of free identity protection and credit monitoring services. LexisNexis is a subsidiary of RELX, a British multinational data analytics firm. The company operates in over 40 countries, employs more than 11,800 people, and serves clients in more than 180 countries. It works with 85% of Fortune 500 companies and 91% of the Fortune 100, including nine of the world’s top ten banks.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
