LexisNexis Risk Solutions Reports Major Data Breach Involving Over 360,000 Individuals

May 2025 — LexisNexis Risk Solutions (LNRS), a major provider of risk management and fraud prevention tools, has reported a significant data breach impacting the personal information of more than 360,000 individuals, according to a filing with the Maine Attorney General’s Office.
The breach reportedly occurred on December 25, 2024, when an unauthorized third party accessed sensitive LNRS data stored on GitHub, a third-party platform used by the company for software development purposes. The compromised data includes personally identifiable information such as names, contact details (postal, email, and phone), Social Security numbers, driver’s license numbers, and dates of birth.
Despite the breach originating on a third-party platform, LNRS maintains that its internal systems, infrastructure, and products were not compromised. The company claims it first learned of the incident on April 1, 2025, although outside counsel Lisa Sotto of Hunton Andrews Kurth LLP stated that the breach was formally discovered on May 14, 2025.
In response, LNRS initiated a forensic investigation, engaged law enforcement, and launched a comprehensive review of the impacted data. The company is offering two years of complimentary credit monitoring and identity protection services to affected individuals.
LNRS is best known for its data solutions that support background checks, fraud detection, criminal history validation, and access to property, bankruptcy, and court records—making the breach particularly sensitive due to the breadth and depth of information it typically processes.
Key Takeaway:
This breach underscores the critical risks posed by third-party platforms in enterprise software development and highlights the importance of supply chain security in data governance. Companies should re-evaluate their developer environments and ensure all third-party data repositories are hardened against unauthorized access.