Data Breaches New LexisNexis Data Breach Confirmed After Hackers Leak Files The hackers claim to have stolen 2GB of files, including 400,000 personal information records. By Eduard Kovacs | March 4, 2026 (12:44 PM ET) Flipboard Reddit Whatsapp Whatsapp Email LexisNexis has confirmed a data breach after hackers leaked data allegedly stolen from its systems, but the legal and risk solutions giant claims the impact is limited. The hackers announced the intrusion on a cybercrime forum on Tuesday. Based on their statement, they attempted to extort LexisNexis but were unsuccessful. Representatives of LexisNexis Legal & Professional said in a statement to the media that while the attackers did gain access to some servers, the compromised systems mostly stored legacy and deprecated data from prior to 2020. The company has confirmed that information such as customer names, user IDs, business contact details, the IPs of customer survey respondents, and support tickets was compromised. “LexisNexis Legal & Professional has investigated a security matter and based on the investigation and testing we have done to date, we believe the matter is contained,” the company said. “We have no evidence of compromise of or impact to our products and services.” The hackers suggested that they exploited the React2Shell vulnerability and improperly secured AWS instances to access and exfiltrate more than 2GB of data. The cyberattack allegedly took place last week. The threat actor claimed to have obtained millions of data records, including enterprise account data, employee credentials, software development secrets, and personal information on 400,000 people, including over 100 individuals with .gov email addresses. The compromised personal information includes names, phone numbers, email addresses, and job roles. Advertisement. Scroll to continue reading. This is not the first data breach LexisNexis has suffered in recent years. LexisNexis Risk Solutions last year confirmed that a 2024 intrusion at a third party resulted in the information of more than 360,000 people being stolen . Related : Madison Square Garden Data Breach Confirmed Months After Hacker Attack Related : 1.2 Million Affected by University of Hawaii Cancer Center Data Breach Related : Canadian Tire Data Breach Impacts 38 Million Accounts Written By Eduard Kovacs Eduard Kovacs (@EduardKovacs) is the managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering. More from Eduard Kovacs VMware Aria Operations Vulnerability Exploited in the Wild Honeywell, Researcher Clash Over Impact of Building Controller Vulnerability Iran Cyber Front: Hacktivist Activity Rises, but State-Sponsored Attacks Stay Low Madison Square Garden Data Breach Confirmed Months After Hacker Attack Nick Andersen Appointed Acting Director of CISA US-Israel and Iran Trade Cyberattacks: Pro-West Hacks Cause Disruption as Tehran Retaliates Chilean Carding Shop Operator Extradited to US Juniper Networks PTX Routers Affected by Critical Vulnerability Latest News Zurich Acquires Beazley in $11 Billion Deal to Lead Cyberinsurance Hacker Conversations: Inti De Ceukelaire, Raging Against the Machine Creatively How Pirated Software Turns Helpful Employees Into Malware Delivery Agents AI Security Firm JetStream Launches With $34 Million in Seed Funding LastPass Warns of New Phishing Campaign Webinar Today: Designing an OT SOC for Safety, Reliability, and Business Continuity Google Plans Two-Week Release Schedule for Chrome Global Coalition Publishes 6G Security and Resilience Principles Trending Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: Securing Fragile OT in an Exposed World March 10, 2026 Get a candid look at the current OT threat landscape as we move past "doom and gloom" to discuss the mechanics of modern OT exposure. Register Virtual Event: Supply Chain Security and Third-Party Risk Summit March 18, 2026 Join the event where top security experts unpack the biggest software supply chain risks. Register People on the Move JumpCloud has appointed Roland Palmer as its new Chief Information Security Officer. Nick Andersen has been appointed Acting Director of CISA after the departure of Madhu Gottumukkala. Predictive revenue system company Clari + Salesloft has named Peter Liebert as CISO. More People On The Move Expert Insights Four Risks Boards Cannot Treat as Background Noise The goal isn’t about preventing every attack but about keeping the business running when attacks succeed. (Steve Durbin) How to Eliminate the Technical Debt of Insecure AI-Assisted Software Development Developers must view AI as a collaborator to be closely monitored, rather than an autonomous entity to be unleashed. Without such a mindset, crippling tech debt is inevitable. (Matias Madou) Security in the Dark: Recognizing the Signs of Hidden Information Security failures don’t always start with attackers, sometimes they start with missing truth. (Joshua Goldfarb) Living off the AI: The Next Evolution of Attacker Tradecraft Living off the AI isn’t a hypothetical but a natural continuation of the tradecraft we’ve all been defending against, now mapped onto assistants, agents, and MCP. (Etay Maor) Why We Can’t Let AI Take the Wheel of Cyber Defense The fastest way to squander the promise of AI is to mistake automation for assurance, and novelty for resilience. (Steve Durbin) Flipboard Reddit Whatsapp Whatsapp Email