‘We have no evidence of compromise of or impact to our products and services,’ a LexisNexis spokesperson said.
LexisNexis has experienced a data breach involving some of its legacy servers, with hackers accessing customer names, business contact information and other information, the legal technology company confirmed to CRN on Tuesday.
A spokesperson with the New York-based company told CRN in an email that LexisNexis considers the matter contained after an investigation and testing. It engaged an unnamed “preeminent cybersecurity forensic firm to assist in our investigation and response and have reported this issue to law enforcement.”
“We have no evidence of compromise of or impact to our products and services,” the spokesperson said. “We take our responsibility to safeguard customer information extremely seriously and have informed impacted current and previous customers of this matter.”
LexisNexis Breach
The LexisNexis spokesperson said that the breach hit a limited number of servers with legacy, deprecated data from before 2020. The data also included user identities, products used, customer surveys with respondent internet protocol (IP) addresses and support tickets.
Sensitive personally identifiable information (PII) data such as Social Security numbers and driver’s license numbers were not accessed. Hackers also did not access credit card, bank accounts and other financial information. The hackers did not access active passwords, customer search queries, customer client information or customer contracts.
The company is still investigating the breach and has implemented containment and remediation steps.
A threat actor called FulcrumSec has posted 2 gigabytes of files in underground forums claiming that the actor accessed LexisNexis’ Amazon Web Services infrastructure through an unpatched React frontend application React2Shell vulnerability, according to BleepingComputer.
CRN has reached out to Amazon for comment.
On a website purportedly used by FulcrumSec, the threat actor says that it has accessed records belonging to law firms, insurance companies, government agencies and universities.
The threat actor contacted LexisNexis about the breach and the company “decided not to work with us on this,” according to the website.
FulcrumSec has also taken credit for hacking Avnet, with the electronic components distributor confirming a breach back in October.
This isn’t the first breach LexisNexis has experienced. About 364,000 people were affected by a December 2024 breach at LexisNexis’ Risk Solutions division. The division discovered the breach in 2025, according to a report on the website of the office of the Maine attorney general.
New details have emerged in recent weeks around breaches including the hack of more than 600 Fortinet FortiGate firewalls, the July 2025 ransomware attack that disrupted Ingram Micro’s online systems and the exploitation of critical-severity vulnerabilities affecting an Ivanti mobile management tool.
