LexisNexis Data Breach Affects 364,333 Individuals

LexisNexis Risk Solutions, a major provider of legal, regulatory, and business information, experienced a massive data breach. The breach, which took place on December 25, 2024, was discovered on May 14, 2025, and has impacted a total of 364,333 individuals across the United States.

The breach involved a Distributed Denial of Service (DDoS) attack, which was claimed by a threat actor known as RipperSec. The cybersecurity incident exposed personally identifiable information (PII), including names, contact information, phone numbers, postal addresses, email addresses, Social Security numbers, driver’s license numbers, and dates of birth.

The company notified affected individuals via U.S. mail beginning May 27, 2025. State-specific disclosures show that 28,933 Texans, 661 Mainers, and 4,770 South Carolinians were affected.

LexisNexis Risk Solutions reported the breach to the South Carolina Attorney General on May 27, 2025, the Maine and Vermont Attorney Generals' on May 28, 2025 and the California and Texas Attorney Generals' on May 29, 2025.

LexisNexis Risk Solutions's response

After discovering the breach, LexisNexis Risk Solutions began notifying affected individuals by U.S. mail and is taking steps to review security protocol.

If you received a notification from LexisNexis Risk Solutions, it is important to:

• Carefully review the notice and follow up on any additional communication from LexisNexis.
• Monitor your financial accounts and credit reports for unusual activity.
• Consider placing a fraud alert or security freeze on your credit file.
• Be cautious of phishing attempts or suspicious communications referencing this breach.

For more information, visit the LexisNexis website.