LexisNexis Risk Solutions, a major player in the global data brokerage industry, has now reportedly disclosed a significant cybersecurity breach that exposed the personal information of more than 364,000 individuals.
The company reported that the breach occurred late last year and was discovered several months later, raising fresh concerns about data security in an industry that operates with minimal public scrutiny.
According to a data breach notification filed with authorities, the incident began on December 25, 2024, when an unauthorized third party accessed LexisNexis systems through a software development account hosted on GitHub.
The breach was not discovered until April 1, 2025.
The compromised data includes names, addresses, Social Security numbers, dates of birth, and driver’s license numbers—highly sensitive personal details that could be used for identity theft and financial fraud. The specific data exposed varies by individual.
The company said it has taken immediate steps to notify those affected and is offering credit monitoring and identity protection services at no cost.
While the breach did not reportedly affect LexisNexis’s primary commercial operations, it underscores broader risks associated with the vast and largely unregulated data broker industry.
LexisNexis Risk Solutions compiles and analyzes billions of data points from public records, credit reports, and commercial transactions to build detailed consumer profiles.
These profiles are then sold to insurers, debt collectors, financial institutions, and government agencies.
In recent years, the company’s data practices have drawn criticism from consumer advocates and privacy experts, who warn that Americans often have little control or even awareness of how their personal information is collected, packaged, and sold.
This latest breach is expected to heighten scrutiny of the data broker industry, which has faced relatively little regulation compared to other sectors that handle sensitive consumer information.
Concerns about transparency and accountability in the industry are mounting. Although some federal agencies have called for tighter oversight, legislative efforts to impose stronger privacy protections have struggled to gain traction.
Proposed rules to curb the sale of personal data—including Social Security numbers and financial records—have been delayed or shelved.
A broader push to restrict the transfer of Americans’ data to foreign entities has similarly stalled in Congress.
Security experts warn that breaches of this kind are likely to continue without more robust safeguards and greater oversight.
“What this shows is that even some of the most sophisticated data handlers are vulnerable,” said one analyst familiar with the industry. “And when they get hit, it’s not just a company problem—it’s a problem for hundreds of thousands of individuals who had no idea their information was being stored in the first place.”
LexisNexis said it has strengthened its cybersecurity protocols in response to the breach and is working with law enforcement to investigate the incident. The company has not commented publicly on whether any data has been misused.
As digital data continues to drive decision-making across industries, the breach serves as a stark reminder of the high stakes in an increasingly connected world—and the consequences when data stewards fail to protect it.
[READ MORE: Open AI Moves to Downgrade Its Operator Agent]
