The data analytics firm LexisNexis Risk Solutions says it suffered a breach that could have exposed the names, Social Security numbers, contact information, and driver’s license numbers of over 364,000 people, as reported earlier by TechCrunch. In a notice filed with the state of Maine, LexisNexis says “an unauthorized third party” accessed its data through a third-party software development platform.
The breach occurred on December 25th, but Lexis Nexis only discovered it on April 1st, 2025, and is just starting to notify people. The company says it “promptly launched an investigation” and “notified law enforcement” once it discovered the breach, adding that the types of information exposed “varied by affected individual.”
LexisNexis spokesperson Jennifer Richman told TechCrunch that an attacker obtained the data through the firm’s GitHub account. Neither LexisNexis nor GitHub immediately responded to The Verge’s request for comment.
LexisNexis is one of the biggest data brokers in the US, as it works to collect and sell vast amounts of personal information for fraud and risk assessment. Last year, LexisNexis was named in a report from The New York Times, which found that automakers had been sharing driving data with the firm that the firm then sold to insurance companies, leading to higher premiums for the drivers. Other than serving as a data broker, LexisNexis also offers access to a database of news articles, public records, and legal documents.
