Overview

• An unauthorized actor accessed LexisNexis’s GitHub account on December 25, 2024, exposing sensitive personal records stored on a third-party development platform.
• Exposed data spans names, dates of birth, Social Security numbers, driver’s license numbers and contact information.
• LexisNexis discovered the intrusion on April 1, 2025, and has begun notifying approximately 360,000 affected individuals.
• The company reported the incident to law enforcement, engaged external cybersecurity experts and is bolstering its security controls.
• The breach has reignited calls for oversight after the CFPB withdrew proposed rules to restrict data brokers’ sale of sensitive consumer information.