LexisNexis Confirms Data Breach After Cybercrime Group Claims Hack

by priyanka.patel tech editor

LexisNexis Legal & Professional, a division of the data analytics giant, has confirmed a recent data breach. The incident came to light after the cybercrime group Fulcrumsec claimed responsibility for the hack, alleging they had compromised a significant amount of company data.

Following an investigation, LexisNexis stated the matter is now contained and that its products and services were not compromised. However, the company did engage a third-party digital forensics firm to manage the cleanup and assess the extent of the breach. The incident highlights the ongoing threat of cyberattacks targeting companies that handle large volumes of sensitive data, even those providing essential services to the legal profession.

According to a statement provided to The Register, the breach impacted a “limited number of servers” containing “mostly legacy, deprecated data from prior to 2020.” This data included customer names, user IDs, business contact information, details of products used, responses to customer surveys (including respondent IP addresses) and support tickets. Crucially, LexisNexis emphasized that sensitive personally identifiable information (PII) such as Social Security numbers, driver’s license numbers, financial details, active passwords, or client information was not accessed.

Details of the Breach and Fulcrumsec’s Claims

While LexisNexis downplayed the severity of the breach, characterizing the compromised data as largely outdated, the cybercrime group Fulcrumsec paints a different picture. The group claims to have exfiltrated over 2 gigabytes of data from a LexisNexis Amazon Web Services (AWS) instance. According to Fulcrumsec, the breach was facilitated by exploiting a vulnerability in a React container – specifically, an unpatched React2Shell vulnerability – first reported in December 2025.

Fulcrumsec alleges the data dump includes approximately 400,000 cloud user profiles containing PII such as names, email addresses, and phone numbers. The group further claims that over 118 of these profiles belong to personnel affiliated with the U.S. Government, including federal judges, Department of Justice attorneys, Securities and Exchange Commission staff, and court clerks. These claims remain unverified.

What Data Was Potentially Compromised?

Beyond user profiles, Fulcrumsec asserts it gained access to a substantial amount of database information. This includes 17 VPC databases and over 430 VPC database tables, 536 Redshift tables, 3.9 million database records, and 53 secrets reportedly stolen from AWS Secrets Manager. The group also alleges leaking over 21,000 customer account records belonging to a range of organizations, including government agencies, insurance companies, law firms, and universities.

Perhaps most concerning from a business perspective, Fulcrumsec claims to have obtained over 300,000 records detailing customer contracts. These records allegedly reveal pricing tiers, renewal dates, and the specific LexisNexis products utilized by various organizations. “This is the complete commercial relationship database,” Fulcrumsec wrote, claiming knowledge of pricing arrangements for high-profile clients like Gibson Dunn and the SEC.

LexisNexis’ Response and Ongoing Investigation

LexisNexis has stated it is continuing to investigate the breach and has implemented containment and remediation steps in coordination with cybersecurity experts. The company has also informed impacted current and previous customers about the incident. While LexisNexis has not disclosed the full scope of the breach, they maintain that their products and services remain secure.

It’s important to note that claims made by cybercrime groups should be treated with caution. Fulcrumsec’s assertions regarding the extent of the data compromised and the identities of affected individuals have not been independently verified. However, the incident serves as a reminder of the evolving cybersecurity landscape and the potential risks associated with storing sensitive data, even legacy information.

LexisNexis has not provided a timeline for the completion of its investigation. Customers with concerns about their data security are encouraged to monitor official updates from LexisNexis, practice strong password hygiene, and remain vigilant for potential phishing attempts.

If you are a LexisNexis customer and believe you may have been affected by this data breach, you can find more information and resources on the company’s website.
