LexisNexis Breach

LexisNexis confirmed a data breach involving legacy information after a threat actor known as FULCRUMSEC leaked 2 GB of files on a cybercriminal forum. The incident targeted the company’s AWS infrastructure, with the attacker claiming to have exploited a vulnerability known as React2Shell in an unpatched React frontend application. While LexisNexis stated the compromised servers primarily contained deprecated data from prior to 2020, the leak reportedly includes the personal information of approximately 400,000 individuals.

The exposed dataset includes full names, phone numbers, email addresses, and business contact details. The breach allegedly affects over 100 users with official government email addresses, including federal judges, Department of Justice attorneys, and staff from the Securities and Exchange Commission. Although LexisNexis maintained that sensitive identifiers like Social Security numbers or financial data were not involved, the threat actor claims the exfiltrated files contain AWS secrets, API keys, and cleartext passwords within IT support tickets. This incident follows a 2025 breach involving the company’s Risk Solutions division, highlighting persistent security challenges for major data providers.