Overview

• Sensitive details including names, birth dates, Social Security numbers, driver’s license numbers and contact information of more than 364,000 individuals were compromised.
• The intrusion occurred on December 25, 2024 through a third-party software development platform tied to LexisNexis’s GitHub account and went undetected until April 1, 2025.
• LexisNexis reported the breach to law enforcement, engaged external cybersecurity experts and began notifying affected individuals in Maine and other states.
• No credit card or financial account data were involved, but the incident has intensified scrutiny of LexisNexis’s practices after reports that it sold driving data to insurers.
• Consumer Financial Protection Bureau rules to curb data brokers’ sale of sensitive information were officially withdrawn earlier this month after a Trump administration directive halted the proposal.