Data broker giant LexisNexis Risk Solutions, a Georgia-based American data analytics company, has revealed that attackers stole the personal information of over 364,000 individuals in a December breach.
As disclosed in data breach notifications sent to affected people starting May 24th, LexisNexis was informed on April 1st that some of its data had been stolen from GitHub by an unknown threat actor using a compromised company account.
“On April 1, 2025, we learned that on December 25, 2024, an unauthorized third party acquired certain LNRS data from a third-party platform used for software development. The issue did not affect LNRS’s own networks or systems,” the notification letters said.
“Our Information Security team, in consultation with a forensic firm, immediately began investigating and confirmed that some data which was held in GitHub, a third-party platform used by LNRS for software development purposes was acquired by an unknown third party. Specifically, we have determined that some software artifacts as well as some personal information was accessed,” a LexisNexis spokesperson told BleepingComputer.
The data broker also disclosed in a filing with the Maine Attorney General’s Office that the resulting data breach impacted 364,333 individuals who had their personally identifiable information exposed.
However, it said the breach only affected their personal information, as the attackers didn’t access or steal financial information.
“The personal information involved was limited to name, contact information (such as phone number, postal or email address), Social Security number, driver’s license number or date of birth,” the spokesperson also told BleepingComputer. “No financial, credit card, or other sensitive personal information was accessed. There was no compromise of our own systems, infrastructure, or products.”
The company warned affected individuals to monitor their account statements and credit reports for fraud and identity theft attempts, and will provide them with two years of free identity protection and credit monitoring services.
LexisNexis is a subsidiary of RELX, a British multinational data analytics provider, and it has customers in over 180 countries and territories.
The data broker also has offices in 40 countries, employs over 11,800 people worldwide, and works with 85% of Fortune 500 companies and 91% of the Fortune 100, including nine of the world’s top 10 banks.
Update May 29, 07:39 EDT: Added LexisNexis statement.
Top 10 MITRE ATT&CK© Techniques Behind 93% of Attacks
Based on an analysis of 14M malicious actions, discover the top 10 MITRE ATT&CK techniques behind 93% of attacks and how to defend against them.